diff --git a/VMS/cert_tool/hostaddr.c b/VMS/cert_tool/hostaddr.c
new file mode 100644
index 000000000..20041de7f
--- /dev/null
+++ b/VMS/cert_tool/hostaddr.c
@@ -0,0 +1,477 @@ + +#ifdef VMS +#pragma module HOSTADDR "X-1" + +/* +** +** Copyright (c) 2000 Compaq Computer Corporation +** COMPAQ Registered in U.S. Patent and Trademark Office. +** +** Confidential computer software. Valid license from Compaq or +** authorized sublicensor required for possession, use or copying. +** Consistent with FAR 12.211 and 12.212, Commercial Computer Software, +** Computer Software Documentation, and Technical Data for Commercial +** Items are licensed to the U.S. Government under vendor's standard +** commercial license. +** +*/ + +/* +**++ +** +** FACILITY: Apache Web Server +** +** ABSTRACT: +** +** This program determine the hostaddr of the default node or of +** a given hostname. +** +** The command line syntax is: +** +** HOSTADDR [-l log-name] [-s sym-name] [host-name] +** +** where: +** +** -l log-name specifies an optional logical name to receive hostname. +** +** -c sym-name specifies an optional symbol name to receive hostname. +** +** host-name specifies an optional host name to resolve. 
+** +** AUTHOR: Matthew Doremus CREATION DATE: 07-Jul-2000 +** +** Modification History: +** +** X-1 Matthew Doremus 07-Jul-2000 +** Initial development +** +**-- +** +** Compile/Link instructions: +** +** OpenVMS Alpha/VAX: +** $ CC HOSTADDR+SYS$LIBRARY:SYS$LIB_C/LIBRARY +** $ LINK HOSTADDR +** +*/ + +/* +** Define __NEW_STARLET if it's not already defined +*/ +#ifndef __NEW_STARLET +#define __NEW_STARLET +#define __NEW_STARLET_SET +#endif + +/* +** Include the necessary header files +*/ +#include +#include +#include +#include +#include +#include +#include +#include + +/* +** Undefine __NEW_STARLET if we had defined it +*/ +#ifndef __NEW_STARLET_SET +#undef __NEW_STARLET_SET +#undef __NEW_STARLET +#endif + +/* +** Option Data Structure +*/ +typedef struct _opt_data { + char *log_name; + char *sym_name; + char *host_name; + } OPT_DATA; + +/* +** Local Routine Prototypes +*/ +static void +ParseCmdLine ( + int, + char *[], + OPT_DATA *); + +static void +SetLogName ( + char *, + char *); + +static void +SetSymName ( + char *, + char *); + +static void +Usage (); + +/* +** +** main - Main processing routine for the HOSTADDR utility +** +** Functional Description: +** +** This routine controls overall program execution. +** +** Usage: +** +** main argc, argv, envp +** +** Formal parameters: +** +** argc - (IN) argument count +** argv - (IN) address of an argument array +** envp - (IN) address of an environment string +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +int +main ( + int argc, + char *argv[], + char *envp[] + ) +{ +struct in_addr *addr_ptr; +char hostname[512+1]; +struct hostent *hp; +OPT_DATA OptData; +char *hostaddr; +int addr_max, + i; + +/* +** Parse the command line +*/ +ParseCmdLine (argc, argv, &OptData); + +/* +** If no host name was given, then use gethostname otherwise +** use the host name given. +*/ +if (! 
OptData.host_name) + { + if (gethostname (hostname, sizeof (hostname) - 1)) + { + perror ("gethostname"); + exit (1); + } + } +else + strcpy (hostname, OptData.host_name); + +/* +** Get the host address using gethostbyname +*/ +if (! (hp = gethostbyname (hostname))) + { + perror ("gethostbyname"); + exit (1); + } + +/* +** Format the host address(es) into a comma separated list +*/ +addr_max = hp->h_length / sizeof (struct in_addr); +hostaddr = malloc ((addr_max * (15 + 1)) + 1); +addr_ptr = (struct in_addr *) hp->h_addr; +for (i = 0; i < addr_max; i++) + { + if (i > 0) + strcat (hostaddr, ","); + addr_ptr = addr_ptr + (i * sizeof (struct in_addr)); + sprintf (hostaddr + strlen (hostaddr), "%d.%d.%d.%d", + addr_ptr->s_net, addr_ptr->s_host, + addr_ptr->s_lh, addr_ptr->s_impno); + } + +/* +** Define a logical name if one was provided +*/ +if (OptData.log_name) + SetLogName (OptData.log_name, hostaddr); + +/* +** Define a symbol name if one was provided +*/ +if (OptData.sym_name) + SetSymName (OptData.sym_name, hostaddr); + +/* +** print the host address if no logical or symbol name was provided +*/ +if (! OptData.log_name && ! OptData.sym_name) + printf ("%s\n", hostaddr); + +} + +/* +** +** ParseCmdLine - Parse the command line options +** +** Functional Description: +** +** This routine parses the command line options. +** +** Usage: +** +** ParseCmdLine argc, argv, OptData +** +** Formal parameters: +** +** argc - (IN) argument count +** argv - (IN) address of an argument array +** OptData - (OUT) address of command option data structure +** which will contain the parsed input. 
+** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +ParseCmdLine ( + int argc, + char *argv[], + OPT_DATA *OptData + ) +{ +int option, + i; + +/* +** Initialize the option data +*/ +OptData->log_name = NULL; +OptData->sym_name = NULL; +OptData->host_name = NULL; + +/* +** Process the command line options +*/ +while ((option = getopt (argc, argv, "l:s:?")) != EOF) + { + switch (option) + { + /* + ** Output to logical name ? + */ + case 'l': + OptData->log_name = strdup (optarg); + break; + + /* + ** Output to symbol name ? + */ + case 's': + OptData->sym_name = strdup (optarg); + break; + + /* + ** Invalid argument ? + */ + case '?': + default: + Usage (); + exit (1); + break; + } + } + +/* +** Are the number of parameters correct ? +*/ +if (argc - optind > 1) + { + Usage (); + exit (1); + } + +/* +** Host Name provided ? +*/ +if (argc - optind == 1) + OptData->host_name = strdup (argv[optind]); + +} + +/* +** +** SetLogName - Set a logical name & value +** +** Functional Description: +** +** This routine sets a logical name & value. 
+** +** Usage: +** +** SetLogName LogName, LogValue +** +** Formal parameters: +** +** LogName - (IN) address of the logical name +** LogValue - (IN) address of the logical value +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +SetLogName ( + char *LogName, + char *LogValue + ) +{ +struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +int status; + +/* +** Setup the logical name & value descriptors +*/ +log_nam_desc.dsc$w_length = strlen (LogName); +log_nam_desc.dsc$a_pointer = LogName; +log_val_desc.dsc$w_length = strlen (LogValue); +log_val_desc.dsc$a_pointer = LogValue; + +/* +** Set the logical name & value +*/ +status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0); +if (! (status & 1)) + exit (status); + +} + +/* +** +** SetSymName - Set a symbol name & value +** +** Functional Description: +** +** This routine sets a symbol name & value. +** +** Usage: +** +** SetSymName SymName, SymValue +** +** Formal parameters: +** +** SymName - (IN) address of the symbol name +** SymValue - (IN) address of the Symbol value +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +SetSymName ( + char *SymName, + char *SymValue + ) +{ +struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +int status; + +/* +** Setup the symbol name & value descriptors +*/ +sym_nam_desc.dsc$w_length = strlen (SymName); +sym_nam_desc.dsc$a_pointer = SymName; +sym_val_desc.dsc$w_length = strlen (SymValue); +sym_val_desc.dsc$a_pointer = SymValue; + +/* +** Set the symbol name & value +*/ +status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM); +if (! 
(status & 1)) + exit (status); + +} + +/* +** +** Usage - Display the acceptable unix style command usage +** +** Functional Description: +** +** This routine displays to standard output the appropriate unix style +** command usage. +** +** Usage: +** +** Usage +** +** Formal parameters: +** +** None +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +Usage () +{ + +fprintf (stdout, "Usage: HOSTADDR [-l log-name] [-s sym-name] [host-name]\n"); + +} +#endif /* #ifdef VMS */ diff --git a/VMS/cert_tool/hostname.c b/VMS/cert_tool/hostname.c new file mode 100644 index 000000000..daf781c1a --- /dev/null +++ b/VMS/cert_tool/hostname.c 
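Review bot: `hostaddr` in main is malloc'd and then read before any byte has been written to it — the loop calls `strlen (hostaddr)` and `strcat (hostaddr, ",")` on uninitialized memory, and the malloc result is never checked; terminate and check it before the loop: `hostaddr = malloc ((addr_max * (15 + 1)) + 1); if (! hostaddr) { perror ("malloc"); exit (1); } hostaddr[0] = '\0';`. Separately, `addr_max = hp->h_length / sizeof (struct in_addr)` is always 1 for AF_INET because h_length is the size of a single address (the extra addresses live in h_addr_list), so the comma-separated list is never produced, and `addr_ptr = addr_ptr + (i * sizeof (struct in_addr))` scales the pointer twice should the loop ever iterate. `strcpy (hostname, OptData.host_name)` copies an argv string of any length into the 513-byte `hostname`; `snprintf (hostname, sizeof hostname, "%s", OptData.host_name);` bounds it. The header comment documents the symbol option as `-c sym-name` while getopt accepts `-s`, and `main` is declared `int` but falls off the end without returning a value.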
@@ -0,0 +1,513 @@ + +#ifdef VMS +#pragma module HOSTNAME "X-1" + +/* +** +** Copyright (c) 2000 Compaq Computer Corporation +** COMPAQ Registered in U.S. Patent and Trademark Office. +** +** Confidential computer software. Valid license from Compaq or +** authorized sublicensor required for possession, use or copying. +** Consistent with FAR 12.211 and 12.212, Commercial Computer Software, +** Computer Software Documentation, and Technical Data for Commercial +** Items are licensed to the U.S. Government under vendor's standard +** commercial license. +** +*/ + +/* +**++ +** +** FACILITY: Apache Web Server +** +** ABSTRACT: +** +** This program determine the hostname of the default node or of +** a given hostaddr. +** +** The command line syntax is: +** +** HOSTNAME [-l log-name] [-s sym-name] [host-addr] +** +** where: +** +** -l log-name specifies an optional logical name to receive hostname. +** +** -c sym-name specifies an optional symbol name to receive hostname. +** +** host-addr specifies an optional host address to resolve. 
+** +** AUTHOR: Matthew Doremus CREATION DATE: 07-Jul-2000 +** +** Modification History: +** +** X-1 Matthew Doremus 07-Jul-2000 +** Initial development +** +**-- +** +** Compile/Link instructions: +** +** OpenVMS Alpha/VAX: +** $ CC HOSTNAME+SYS$LIBRARY:SYS$LIB_C/LIBRARY +** $ LINK HOSTNAME +** +*/ + +/* +** Define __NEW_STARLET if it's not already defined +*/ +#ifndef __NEW_STARLET +#define __NEW_STARLET +#define __NEW_STARLET_SET +#endif + +/* +** Include the necessary header files +*/ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* +** Undefine __NEW_STARLET if we had defined it +*/ +#ifndef __NEW_STARLET_SET +#undef __NEW_STARLET_SET +#undef __NEW_STARLET +#endif + +/* +** Option Data Structure +*/ +typedef struct _opt_data { + char *log_name; + char *sym_name; + unsigned char host_addr[4]; + } OPT_DATA; + +/* +** Local Routine Prototypes +*/ +static void +ParseCmdLine ( + int, + char *[], + OPT_DATA *); + +static void +SetLogName ( + char *, + char *); + +static void +SetSymName ( + char *, + char *); + +static void +Usage (); + +/* +** +** main - Main processing routine for the HOSTNAME utility +** +** Functional Description: +** +** This routine controls overall program execution. +** +** Usage: +** +** main argc, argv, envp +** +** Formal parameters: +** +** argc - (IN) argument count +** argv - (IN) address of an argument array +** envp - (IN) address of an environment string +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +int +main ( + int argc, + char *argv[], + char *envp[] + ) +{ +struct in_addr host_addr; +char hostname[512+1]; +struct hostent *hp; +OPT_DATA OptData; +int i; + +/* +** Parse the command line +*/ +ParseCmdLine (argc, argv, &OptData); + +/* +** If no host address was given, then use gethostname otherwise +** use gethostbyaddr. +*/ +if (! OptData.host_addr[0] && ! OptData.host_addr[1] && + ! OptData.host_addr[2] && ! 
OptData.host_addr[3]) + { + if (gethostname (hostname, sizeof (hostname) - 1)) + { + perror ("gethostname"); + exit (1); + } + + if (! (hp = gethostbyname (hostname))) + { + perror ("gethostbyname"); + exit (1); + } + } +else + { + host_addr.s_net = OptData.host_addr[0]; + host_addr.s_host = OptData.host_addr[1]; + host_addr.s_lh = OptData.host_addr[2]; + host_addr.s_impno = OptData.host_addr[3]; + + if (! (hp = gethostbyaddr (&host_addr, sizeof (host_addr), AF_INET))) + { + perror ("gethostbyaddr"); + exit (1); + } + } + +/* +** Let's try to determine the best available fully qualified hostname. +*/ +if (hp->h_name) + { + strcpy (hostname, hp->h_name); + if (! strchr (hostname, '.')) + { + for (i = 0; hp->h_aliases[i]; i++) + { + if (strchr (hp->h_aliases[i], '.') && + ! strncasecmp (hp->h_aliases[i], hostname, strlen (hostname))) + { + strcpy (hostname, hp->h_aliases[i]); + break; + } + } + } + } +else + strcpy (hostname, "(unavailable)"); + +/* +** Define a logical name if one was provided +*/ +if (OptData.log_name) + SetLogName (OptData.log_name, hostname); + +/* +** Define a symbol name if one was provided +*/ +if (OptData.sym_name) + SetSymName (OptData.sym_name, hostname); + +/* +** print the host name if no logical or symbol name was provided +*/ +if (! OptData.log_name && ! OptData.sym_name) + printf ("%s\n", hostname); + +} + +/* +** +** ParseCmdLine - Parse the command line options +** +** Functional Description: +** +** This routine parses the command line options. +** +** Usage: +** +** ParseCmdLine argc, argv, OptData +** +** Formal parameters: +** +** argc - (IN) argument count +** argv - (IN) address of an argument array +** OptData - (OUT) address of command option data structure +** which will contain the parsed input. 
+** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +ParseCmdLine ( + int argc, + char *argv[], + OPT_DATA *OptData + ) +{ +int option, + i; + +/* +** Initialize the option data +*/ +OptData->log_name = NULL; +OptData->sym_name = NULL; +OptData->host_addr[0] = 0; +OptData->host_addr[1] = 0; +OptData->host_addr[2] = 0; +OptData->host_addr[3] = 0; + +/* +** Process the command line options +*/ +while ((option = getopt (argc, argv, "l:s:?")) != EOF) + { + switch (option) + { + /* + ** Output to logical name ? + */ + case 'l': + OptData->log_name = strdup (optarg); + break; + + /* + ** Output to symbol name ? + */ + case 's': + OptData->sym_name = strdup (optarg); + break; + + /* + ** Invalid argument ? + */ + case '?': + default: + Usage (); + exit (1); + break; + } + } + +/* +** Are the number of parameters correct ? +*/ +if (argc - optind > 1) + { + Usage (); + exit (1); + } + +/* +** Host Address provided ? +*/ +if (argc - optind == 1) + { + char *addr_ptr = argv[optind], + *addr_sep; + + for (i = 0; i < 4; i++) + { + if ((addr_sep = strchr (addr_ptr, '.')) && (i < 3)) + *addr_sep = '\0'; + + if (strlen (addr_ptr) == 0 || atoi (addr_ptr) > 255 || + strspn (addr_ptr, "0123456789") != strlen (addr_ptr)) + { + printf ("Invalid TCP/IP address format.\n"); + exit (1); + } + + OptData->host_addr[i] = atoi (addr_ptr); + if (addr_sep) + addr_ptr = addr_sep + 1; + } + } +} + +/* +** +** SetLogName - Set a logical name & value +** +** Functional Description: +** +** This routine sets a logical name & value. 
+** +** Usage: +** +** SetLogName LogName, LogValue +** +** Formal parameters: +** +** LogName - (IN) address of the logical name +** LogValue - (IN) address of the logical value +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +SetLogName ( + char *LogName, + char *LogValue + ) +{ +struct dsc$descriptor_s log_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +struct dsc$descriptor_s log_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +int status; + +/* +** Setup the logical name & value descriptors +*/ +log_nam_desc.dsc$w_length = strlen (LogName); +log_nam_desc.dsc$a_pointer = LogName; +log_val_desc.dsc$w_length = strlen (LogValue); +log_val_desc.dsc$a_pointer = LogValue; + +/* +** Set the logical name & value +*/ +status = lib$set_logical (&log_nam_desc, &log_val_desc, 0, 0, 0); +if (! (status & 1)) + exit (status); + +} + +/* +** +** SetSymName - Set a symbol name & value +** +** Functional Description: +** +** This routine sets a symbol name & value. +** +** Usage: +** +** SetSymName SymName, SymValue +** +** Formal parameters: +** +** SymName - (IN) address of the symbol name +** SymValue - (IN) address of the Symbol value +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +SetSymName ( + char *SymName, + char *SymValue + ) +{ +struct dsc$descriptor_s sym_nam_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +struct dsc$descriptor_s sym_val_desc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, 0}; +int status; + +/* +** Setup the symbol name & value descriptors +*/ +sym_nam_desc.dsc$w_length = strlen (SymName); +sym_nam_desc.dsc$a_pointer = SymName; +sym_val_desc.dsc$w_length = strlen (SymValue); +sym_val_desc.dsc$a_pointer = SymValue; + +/* +** Set the symbol name & value +*/ +status = lib$set_symbol (&sym_nam_desc, &sym_val_desc, &LIB$K_CLI_LOCAL_SYM); +if (! 
(status & 1)) + exit (status); + +} + +/* +** +** Usage - Display the acceptable unix style command usage +** +** Functional Description: +** +** This routine displays to standard output the appropriate unix style +** command usage. +** +** Usage: +** +** Usage +** +** Formal parameters: +** +** None +** +** Implicit Parameters: +** +** None +** +** Routine Value: +** +** None +** +** Side Effects: +** +** None +** +*/ +static void +Usage () +{ + +fprintf (stdout, "Usage: HOSTNAME [-l log-name] [-s sym-name] [host-addr]\n"); + +} +#endif /* #ifdef VMS */ diff --git a/VMS/cert_tool/ssl$auth_cert.com b/VMS/cert_tool/ssl$auth_cert.com new file mode 100644 index 000000000..33f5bd3b6 --- /dev/null +++ b/VMS/cert_tool/ssl$auth_cert.com 
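Review bot: `strcpy (hostname, hp->h_name)` and `strcpy (hostname, hp->h_aliases[i])` in main copy resolver-supplied strings of unbounded length into the 513-byte `hostname` array; with `gethostbyaddr` on a user-given address the name is whatever answers the reverse lookup, so both copies should be bounded, `snprintf (hostname, sizeof hostname, "%s", hp->h_name);` and `snprintf (hostname, sizeof hostname, "%s", hp->h_aliases[i]);`. In ParseCmdLine the dotted-quad loop only advances `addr_ptr` when a separator was found, so fewer than four octets silently reuses the last token (`1.2.3` is parsed as 1.2.3.3); checking `if (! addr_sep && i < 3) { printf ("Invalid TCP/IP address format.\n"); exit (1); }` before the octet is stored closes that. The all-zero test in main also means an explicit `0.0.0.0` argument is treated as "no address given" and falls back to gethostname. As in hostaddr.c, the header documents `-c sym-name` where getopt accepts `-s`, and `main` returns no value.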
@@ -0,0 +1,639 @@ +$! +$!------------------------------------------------------------------------------ +$! SSL$AUTH_CERT.COM - SSL Certificate Authority procedure +$!------------------------------------------------------------------------------ +$! +$ Verify = F$VERIFY (0) +$ Set NoOn +$ Set NoControl=Y +$! +$!------------------------------------------------------------------------------ +$! Description +$!------------------------------------------------------------------------------ +$! +$! This procedure prompts the user through creating a Server Certificate. +$! +$! There are no parameters used. +$! +$!------------------------------------------------------------------------------ +$! Define symbols +$!------------------------------------------------------------------------------ +$! +$ DELETE := DELETE +$ SAY := WRITE SYS$OUTPUT +$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT= +$ PID = F$GETJPI ("","PID") +$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO") +$ On Control_Y THEN GOTO EXIT +$ Set Control=Y +$! +$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE") +$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ") +$! +$ GET_USER_DATA := CALL GET_USER_DATA +$ SET_USER_DATA := CALL SET_USER_DATA +$ DEL_USER_DATA := CALL DEL_USER_DATA +$ INIT_TERM := @SSL$COM:SSL$INIT_TERM +$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE +$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF") +$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET +$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET +$! +$ ESC[0,8] = 27 ! Set the Escape Character +$ BELL[0,8] = 7 ! Ring the terminal Bell +$ RED = 1 ! Color - Red +$ FGD = 30 ! Foreground +$ BGD = 0 ! Background +$ CSCR = ESC + "[2J" ! Clear the Screen +$ CEOS = ESC + "[0J" ! Clear to the End of the Screen +$ CEOL = ESC + "[0K" ! Clear to the End of the Line +$ NORM = ESC + "[0m" ! Turn Attributes off +$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute +$ WIDE = ESC + "#6" ! Turn on WIDE Attribute +$! 
+$!------------------------------------------------------------------------------ +$! Run the SSL setup if it hasn't been run yet +$!------------------------------------------------------------------------------ +$! +$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. "" +$ THEN +$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. "" +$ THEN +$ @SSL$COM:SSL$INIT_ENV.COM +$ ELSE +$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..." +$ GOTO EXIT +$ ENDIF +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Display the Page Header +$!------------------------------------------------------------------------------ +$! +$ INIT_TERM +$ BCOLOR = BGD +$ FCOLOR = FGD + RED +$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm" +$! +$ TEXT = "SSL Certificate Tool" +$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4 +$! +$ SAY ESC + "[01;01H", CSCR +$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM +$! +$ TEXT = "Create Certification Authority" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[04;01H" +$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM +$! +$ ROW = 6 +$ COL = 2 +$ TOP_ROW = ROW +$ MSG_ROW = TT_ROWS - 1 +$! +$!------------------------------------------------------------------------------ +$! Initialize the Request Data +$!------------------------------------------------------------------------------ +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM +$ ELSE +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM +$ ENDIF +$! +$ _request_name = "req" +$! +$ _distinguished_name = "CA_distinguished_name" +$ _distinguished_name_upd = "Y" +$! +$ _default_bits = "1024" +$ _default_bits_upd = "Y" +$! +$ _default_days = "1825" +$ _default_days_upd = "Y" +$! +$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY" +$ _default_keyfile_upd = "Y" +$! +$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT" +$ _default_crtfile_upd = "Y" +$! 
+$ _countryName_prompt = "Country Name ?" +$ _countryName_min = "2" +$ _countryName_max = "2" +$ _countryName_default = "US" +$ _countryName_upd = "Y" +$ _countryName_cnt = 4 +$! +$ _0organizationName_prompt = "Organization Name ?" +$ _0organizationName_default = "" +$ _0organizationName_upd = "Y" +$ _0organizationName_cnt = 2 +$! +$ _organizationalUnitName_prompt = "Organization Unit Name ?" +$ _organizationalUnitName_default = "" +$ _organizationalUnitName_upd = "Y" +$ _organizationalUnitName_cnt = 2 +$! +$ _commonName_prompt = "Common Name ?" +$ _commonName_max = "64" +$ _commonName_default = "CA Authority" +$ _commonName_upd = "Y" +$ _commonName_cnt = 3 +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ GET_CONF_DATA "[''_request_name']#distinguished_name" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _distinguished_name = SSL_CONF_DATA +$ _distinguished_name_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_bits" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_bits = SSL_CONF_DATA +$ _default_bits_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_days" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_days = SSL_CONF_DATA +$ _default_days_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_keyfile" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") +$ _default_keyfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_crtfile" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") +$ _default_crtfile_upd = "N" +$ ENDIF +$! 
+$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#countryName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_min" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_min = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _0organizationName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _0organizationName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#commonName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_max" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _commonName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N" +$ ENDIF +$! +$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y" +$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#CA certificate Key File ?#F###''_default_keyfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#CA certificate File ?#F###''_default_crtfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N" +$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N" +$ SET_USER_DATA "[]#display_certificate#-#N#Display the CA certificate ?#S##1##Y#N" +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Confirm/Update the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$! 
+$PROMPT_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ CONFIRMED = 0 +$ IF REQ .EQS. "N" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF ROW .GT. MSG_ROW - 2 +$ THEN +$ SAY ESC + "[''TOP_ROW';01H", CEOS +$ ROW = TOP_ROW +$ ENDIF +$! +$CONFIRM_LOOP: +$! +$ IF PRM .EQS. "" +$ THEN +$ PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'" +$ ELSE +$ PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'" +$ ENDIF +$ IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO +$ ASK "''PROMPT'" ANS /END_OF_FILE=EXIT +$ IF TYP .EQS. "P" THEN SET TERMINAL /ECHO +$ ANS = F$EDIT (ANS,"TRIM") +$ IF ANS .EQS. "" THEN ANS = DEF +$ IF TYP .EQS. "F" +$ THEN +$ ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY") +$ ENDIF +$ IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER" +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. - + ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. - + (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX))) +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP +$ IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP +$ ENDIF +$ ROW = ROW + 1 +$ IF CFM .EQS. "Y" +$ THEN +$ IF CONFIRMED .EQ. 
0 +$ THEN +$ CONFIRMED = 1 +$ CONFIRMED_ANS = ANS +$ PRM = "Confirm ''PRM'" +$ GOTO CONFIRM_LOOP +$ ELSE +$ IF ANS .NES. CONFIRMED_ANS +$ THEN +$ CALL INVALID_ENTRY +$ ROW = ROW - 2 +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$ ENDIF +$ IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'" +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Save the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM +$! +$SAVE_CONF_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ IF UPD .NES. "Y" .OR. VAL .EQS. "-" +$ THEN +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$ IF VAL .EQS. "D" +$ THEN +$ SET_CONF_DATA "''KEY'#''ITM'" "''DEF'" +$ ELSE +$ SET_CONF_DATA "''KEY'#''ITM'" "''PRM'" +$ SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'" +$ ENDIF +$ IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'" +$ IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'" +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$! 
+$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE' +$ RENAME 'SSL_CONF_FILE'; ;1 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Create the Certificiate Authority +$!------------------------------------------------------------------------------ +$! +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Authority ...", NORM +$! +$ X1 = 2 +$ Y1 = TOP_ROW +$ X2 = TT_COLS - 2 +$ Y2 = MSG_ROW - 1 +$! +$ GET_USER_DATA "[''_request_name']#default_days" +$ _default_days = SSL_USER_DATA +$ GET_USER_DATA "[''_request_name']#default_keyfile" +$ _default_keyfile = SSL_USER_DATA +$ GET_USER_DATA "[''_request_name']#default_crtfile" +$ _default_crtfile = SSL_USER_DATA +$ GET_USER_DATA "[]#pem_pass_phrase" +$ _pem_pass_phrase = SSL_USER_DATA +$ GET_USER_DATA "[]#display_certificate" +$ _display_certificate = SSL_USER_DATA +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND +$! +$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_REQ_''PID'.RND" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -x509 -days ''_default_days' -keyout ''_default_keyfile' -out ''_default_crtfile'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_REQ_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.RND;* +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;* +$! 
+$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ ENDIF +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$! +$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL +$! +$ OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_X509_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ ENDIF +$! 
+$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$! +$ TEXT = "Press return to continue" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'" +$ ASK "''PROMPT'" OPT +$! +$GOTO EXIT +$! +$!------------------------------------------------------------------------------ +$! Set the User Data +$!------------------------------------------------------------------------------ +$! +$SET_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" +$ THEN +$ SSL_USER_DATA_MAX == 1 +$ ELSE +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1 +$ ENDIF +$! +$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'" +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Get the User Data +$!------------------------------------------------------------------------------ +$! +$GET_USER_DATA: SUBROUTINE +$! +$ CTR = 1 +$ USER_KEY = F$ELEMENT (0,"#",P1) +$ USER_ITM = F$ELEMENT (1,"#",P1) +$! +$GET_USER_DATA_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM +$ THEN +$ CTR = CTR + 1 +$ GOTO GET_USER_DATA_LOOP +$ ENDIF +$ IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'" +$ ENDIF +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! 
Delete the User Data +$!------------------------------------------------------------------------------ +$! +$DEL_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END +$! +$DEL_USER_DATA_LOOP: +$! +$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" +$ THEN +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX' +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1 +$ GOTO DEL_USER_DATA_LOOP +$ ENDIF +$! +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX +$! +$DEL_USER_DATA_END: +$! +$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Display the invalid entry +$!------------------------------------------------------------------------------ +$! +$INVALID_ENTRY: SUBROUTINE +$! +$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'" +$ Wait 00:00:01.5 +$ SAY ESC + "[''MSG_ROW';01H", CEOL +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Exit the procedure +$!------------------------------------------------------------------------------ +$! +$EXIT: +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ CLOSE OFILE +$! +$ DEL_USER_DATA +$! +$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA +$! +$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO +$! +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;* +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;* +$! +$ Verify = F$VERIFY (Verify) +$! +$ EXIT diff --git a/VMS/cert_tool/ssl$auto_cert.com b/VMS/cert_tool/ssl$auto_cert.com new file mode 100644 index 000000000..39e4679e1 --- /dev/null +++ b/VMS/cert_tool/ssl$auto_cert.com 
@@ -0,0 +1,101 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$AUTO_CERT.COM - SSL Automatic Self-Signed Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$!
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Define Symbols
+$!------------------------------------------------------------------------------
+$!
+$ OPENSSL :== $ SSL$EXE:OPENSSL
+$ HOSTNAME :== $ SSL$EXE:SSL$HOSTNAME
+$!
+$ HOSTNAME -s HOST_NAME
+$ PID = F$GETJPI ("","PID")
+$ USER = F$EDIT (F$GETJPI ("","USERNAME"),"TRIM")
+$ KEY_FILE = "SSL$KEY:SERVER.KEY"
+$ CRT_FILE = "SSL$CRT:SERVER.CRT"
+$!
+$!------------------------------------------------------------------------------
+$! Create a Temporary SSL Configuration
+$!------------------------------------------------------------------------------
+$!
+$ OPEN /WRITE CFILE SYS$LOGIN:SSL_'PID'.CNF
+$ WRITE CFILE "[req]"
+$ WRITE CFILE "default_bits = 1024"
+$ WRITE CFILE "distinguished_name = REQ_distinguished_name"
+$ WRITE CFILE "[REQ_distinguished_name]"
+$ WRITE CFILE "countryName = Country Name ?"
+$ WRITE CFILE "countryName_default = "
+$ WRITE CFILE "stateOrProvinceName = State or Province Name ?"
+$ WRITE CFILE "stateOrProvinceName_default = "
+$ WRITE CFILE "localityName = City Name ?"
+$ WRITE CFILE "localityName_default = "
+$ WRITE CFILE "0.organizationName = Organization Name ?"
+$ WRITE CFILE "0.organizationName_default = "
+$ WRITE CFILE "organizationalUnitName = Organization Unit Name ?
+$ WRITE CFILE "organizationalUnitName_default = "
+$ WRITE CFILE "commonName = Common Name ?"
+$ WRITE CFILE "commonName_default = ''HOST_NAME'"
+$ WRITE CFILE "emailAddress = Email Address ?"
+$ WRITE CFILE "emailAddress_default = ''USER'@''HOST_NAME'"
+$ CLOSE CFILE
+$!
+$!------------------------------------------------------------------------------
+$! Create the Self-Signed Server Certificiate
+$!------------------------------------------------------------------------------
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_'PID'.RND
+$!
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_'PID'.COM
+$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_''PID'.RND"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_''PID'.LOG"
+$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
+$ WRITE OFILE "$ OPENSSL req -nodes -new -days 30 -x509 -config SYS$LOGIN:SSL_''PID'.CNF -keyout ''KEY_FILE' -out ''CRT_FILE'"
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ WRITE OFILE ""
+$ CLOSE OFILE
+$!
+$ @SYS$LOGIN:SSL_'PID'.COM
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.CNF;*
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.RND;*
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.COM;*
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ SEARCH SYS$LOGIN:SSL_'PID'.LOG /OUT=SYS$LOGIN:SSL_'PID'.ERR ":error:"
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_''PID'.ERR") .NES. ""
+$ THEN
+$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_''PID'.ERR","ALQ") .NE. 0
+$ THEN
+$ TYPE SYS$LOGIN:SSL_'PID'.LOG
+$ ENDIF
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.ERR;*
+$ ENDIF
+$!
+$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_'PID'.LOG;*
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$cert_tool.com b/VMS/cert_tool/ssl$cert_tool.com
new file mode 100644
index 000000000..4c64b89b7
--- /dev/null
+++ b/VMS/cert_tool/ssl$cert_tool.com
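Review bot: The temporary config written at the top of this procedure pins `default_bits = 1024`, and the `OPENSSL req -nodes` line then writes the resulting private key unencrypted to SSL$KEY:SERVER.KEY with no protection mask applied; 1024-bit RSA is below current minimums, so the line should read `$ WRITE CFILE "default_bits = 2048"`, and the key should be locked down right after generation with `$ SET SECURITY /PROTECTION=(S:RWED,O:RWED,G,W) 'KEY_FILE'`. RANDFILE is seeded from `SHOW SYSTEM /FULL` output, which is low-entropy and largely predictable, so a comment at that line should make clear it is only a supplementary seed, not the randomness source. The `organizationalUnitName` WRITE line is missing its closing quote, unlike every other line in that block. On failure the procedure only TYPEs the log and then falls through to `$ EXIT` with whatever the last DELETE left in $STATUS (normally success), so a caller cannot tell that no certificate was produced.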
@@ -0,0 +1,231 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$CERT_TOOL.COM - SSL Certificate Tool procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure provides the user a menu from which they can choose desired
+$! SSL Certificate processing.
+$!
+$! There are no parameters used.
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = f$getdvi ("TT:","TT_PAGE")
+$ TT_COLS = f$getdvi ("TT:","DEVBUFSIZ")
+$!
+$ SET_MENU_DATA := CALL SET_MENU_DATA
+$ DEL_MENU_DATA := CALL DEL_MENU_DATA
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$ BELL[0,8] = 7 ! Ring the terminal Bell
+$ RED = 1 ! Color - Red
+$ FGD = 30 ! Foreground
+$ BGD = 0 ! Background
+$ CSCR = ESC + "[2J" ! Clear the Screen
+$ CEOS = ESC + "[0J" ! Clear to the End of the Screen
+$ CEOL = ESC + "[0K" ! Clear to the End of the Line
+$ NORM = ESC + "[0m" ! Turn Attributes off
+$ BOLD = ESC + "[1m" ! Turn on BOLD Attribute
+$ WIDE = ESC + "#6" ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$CA_CONF") .EQS. ""
+$ THEN
+$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$ THEN
+$ @SSL$COM:SSL$INIT_ENV.COM
+$ ELSE
+$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$ GOTO EXIT
+$ ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Menu Items
+$!------------------------------------------------------------------------------
+$!
+$ SET_MENU_DATA "View a Certificate#@SSL$COM:SSL$VIEW_CERT.COM CRT"
+$ SET_MENU_DATA "View a Certificate Signing Request#@SSL$COM:SSL$VIEW_CERT.COM CSR"
+$ SET_MENU_DATA "Create a Certificate Signing Request#@SSL$COM:SSL$RQST_CERT.COM"
+$ SET_MENU_DATA "Create a Self-Signed Certificate#@SSL$COM:SSL$SELF_CERT.COM"
+$ SET_MENU_DATA "Create a CA (Certification Authority) Certificate#@SSL$COM:SSL$AUTH_CERT.COM"
+$ SET_MENU_DATA "Sign a Certificate Signing Request#@SSL$COM:SSL$SIGN_CERT.COM"
+$ SET_MENU_DATA "Hash Certificates#@SSL$COM:SSL$HASH_CERT.COM CRT"
+$ SET_MENU_DATA "Hash Certificate Revocations#@SSL$COM:SSL$HASH_CERT.COM CRL"
+$ SET_MENU_DATA "Exit#GOTO EXIT"
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$PAGE_LOOP:
+$!
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ TEXT = "Main Menu"
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = (TT_COLS - (SSL_MENU_ITEM_MAX + 4)) / 2
+$ TOP_ROW = ROW
+$ SEP_ROWS = 2
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Process the menu options
+$!------------------------------------------------------------------------------
+$!
+$MENU_LOOP:
+$!
+$ IF CTR .LE. SSL_MENU_DATA_MAX
+$ THEN
+$ OPT = F$ELEMENT (0,"#",SSL_MENU_DATA_'CTR') ! Option String
+$ CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'CTR') ! Command String
+$ IF ROW .GE. (MSG_ROW - (SEP_ROWS + 2)) .AND. SEP_ROWS .GT. 1
+$ THEN
+$ SAY ESC + "[''TOP_ROW';01H", CEOS
+$ ROW = TOP_ROW
+$ SEP_ROWS = 1
+$ CTR = 1
+$ ELSE
+$ NUM = F$FAO ("!2SL", CTR)
+$ SAY ESC + "[''ROW';''COL'H", BOLD, "''NUM'. ", NORM, "''OPT'"
+$ ROW = ROW + SEP_ROWS
+$ CTR = CTR + 1
+$ ENDIF
+$ GOTO MENU_LOOP
+$ ENDIF
+$!
+$ ROW = ROW + 1
+$!
+$!------------------------------------------------------------------------------
+$! Prompt the user for input
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ PROMPT = ESC + "[''ROW';''COL'HEnter Option: ''CEOL'"
+$ ASK "''PROMPT'" OPT /END_OF_FILE=EXIT
+$ OPT = F$EDIT (OPT, "TRIM")
+$ IF OPT .EQS. "" THEN GOTO PROMPT_LOOP
+$!
+$ IF F$TYPE (OPT) .NES. "INTEGER" .OR. -
+ F$INTEGER (OPT) .LE. 0 .OR. -
+ F$INTEGER (OPT) .GT. SSL_MENU_DATA_MAX
+$ THEN
+$ CALL INVALID_OPTION
+$ GOTO PROMPT_LOOP
+$ ENDIF
+$!
+$ CMD = F$ELEMENT (1,"#",SSL_MENU_DATA_'OPT')
+$!
+$ 'CMD'
+$!
+$ GOTO PAGE_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Set the Menu Data
+$!------------------------------------------------------------------------------
+$!
+$SET_MENU_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. ""
+$ THEN
+$ SSL_MENU_DATA_MAX == 1
+$ SSL_MENU_ITEM_MAX == 0
+$ ELSE
+$ SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX + 1
+$ ENDIF
+$!
+$ SSL_MENU_DATA_'SSL_MENU_DATA_MAX' == "''P1'"
+$!
+$ MENU_ITEM = F$ELEMENT (0,"#",SSL_MENU_DATA_'SSL_MENU_DATA_MAX')
+$ IF F$LENGTH (MENU_ITEM) .GT. SSL_MENU_ITEM_MAX THEN SSL_MENU_ITEM_MAX == F$LENGTH (MENU_ITEM)
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Delete the Menu Data
+$!------------------------------------------------------------------------------
+$!
+$DEL_MENU_DATA: SUBROUTINE
+$!
+$ IF F$TYPE (SSL_MENU_DATA_MAX) .EQS. "" THEN GOTO DEL_MENU_DATA_END
+$!
+$DEL_MENU_DATA_LOOP:
+$!
+$ IF F$TYPE (SSL_MENU_DATA_'SSL_MENU_DATA_MAX') .NES. ""
+$ THEN
+$ DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_'SSL_MENU_DATA_MAX'
+$ SSL_MENU_DATA_MAX == SSL_MENU_DATA_MAX - 1
+$ GOTO DEL_MENU_DATA_LOOP
+$ ENDIF
+$!
+$ DELETE /SYMBOL /GLOBAL SSL_MENU_DATA_MAX
+$!
+$DEL_MENU_DATA_END:
+$!
+$ IF F$TYPE (SSL_MENU_ITEM_MAX) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_MENU_ITEM_MAX
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry
+$!------------------------------------------------------------------------------
+$!
+$INVALID_OPTION: SUBROUTINE
+$!
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Option, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEL_MENU_DATA
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$conf_util.com b/VMS/cert_tool/ssl$conf_util.com
new file mode 100644
index 000000000..80c11092a
--- /dev/null
+++ b/VMS/cert_tool/ssl$conf_util.com
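Review bot: The option check accepts anything F$TYPE reports as INTEGER, but the lookup then interpolates the raw string into `SSL_MENU_DATA_'OPT'`, so an input such as `01` or `+1` (if F$TYPE accepts it as an integer) would name a symbol that was never defined and fail under `Set NoOn`; normalising first, `$ OPT = F$INTEGER (OPT)` before the `CMD =` line, makes the index match the symbols SET_MENU_DATA created. The `/END_OF_FILE=EXIT` qualifier is given both in the `ASK` symbol definition and again on the `ASK "''PROMPT'" OPT /END_OF_FILE=EXIT` call, so one of them is redundant. The `'CMD'` dispatch only executes strings this procedure itself registered in the menu table, which is worth stating at that line, e.g. `$! CMD comes from the fixed SET_MENU_DATA table above, never from user input`.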
@@ -0,0 +1,220 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$CONF_UTIL.COM - SSL Configuration Utility procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure gets or sets a given key item in a SSL configuration file.
+$! The parameters used are:
+$!
+$! P1 - SSL Configuration File
+$! P2 - SSL Configuration Function (i.e. GET/SET)
+$! P3 - SSL Configuration Key/Item (delimited by '#')
+$! P4 - SSL Configuration Key/Item Value (for SET function only)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SSL_CONF_DATA == ""
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$!------------------------------------------------------------------------------
+$! Process parameters
+$!------------------------------------------------------------------------------
+$!
+$ KEY_FOUND = 0
+$ ITM_FOUND = 0
+$ P1 = F$EDIT (P1,"TRIM")
+$ P2 = F$EDIT (P2,"TRIM,UPCASE")
+$ KEY = F$ELEMENT (0,"#",P3)
+$ ITM = F$ELEMENT (1,"#",P3)
+$!
+$!------------------------------------------------------------------------------
+$! Process the configuration function
+$!------------------------------------------------------------------------------
+$!
+$ IF P2 .EQS. "GET" THEN GOSUB GET_CONF_DATA
+$ IF P2 .EQS. "SET" THEN GOSUB SET_CONF_DATA
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Get the configuration data
+$!------------------------------------------------------------------------------
+$!
+$GET_CONF_DATA:
+$!
+$ OPEN /READ /ERROR=OPEN_ERROR IFILE 'P1'
+$!
+$GET_CONF_DATA_LOOP:
+$!
+$ READ /ERROR=READ_ERROR /END_OF_FILE=GET_CONF_DATA_END IFILE IREC
+$!
+$ SREC = IREC
+$ IPOS = F$LOCATE ("#",IREC)
+$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
+$ IREC = F$EDIT (IREC,"COLLAPSE")
+
+$ IF IREC .EQS. "" THEN GOTO GET_CONF_DATA_LOOP
+$!
+$ IF IREC .EQS. KEY
+$ THEN
+$ KEY_FOUND = 1
+$ GOTO GET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1
+$ THEN
+$ IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
+$ THEN
+$ SSL_CONF_DATA == ""
+$ GOTO GET_CONF_DATA_END
+$ ENDIF
+$!
+$ IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
+$ THEN
+$ VAL = F$EDIT (F$ELEMENT (1,"=",SREC),"TRIM")
+$ SSL_CONF_DATA == "''VAL'"
+$ GOTO GET_CONF_DATA_END
+$ ENDIF
+$ ENDIF
+$!
+$ GOTO GET_CONF_DATA_LOOP
+$!
+$GET_CONF_DATA_END:
+$!
+$ CLOSE /ERROR=CLOSE_ERROR IFILE
+$!
+$ RETURN
+$!
+$!------------------------------------------------------------------------------
+$! Set the configuration data
+$!------------------------------------------------------------------------------
+$!
+$SET_CONF_DATA:
+$!
+$ IF F$SEARCH ("''P1'") .EQS. "" THEN CREATE /NOLOG 'P1'
+$!
+$ OPEN /READ /ERROR=OPEN_ERROR IFILE 'P1'
+$ OPEN /WRITE /ERROR=OPEN_ERROR OFILE 'P1'
+$!
+$SET_CONF_DATA_LOOP:
+$!
+$ READ /ERROR=READ_ERROR /END_OF_FILE=SET_CONF_DATA_END IFILE IREC
+$!
+$ IF ITM_FOUND .EQ. 1
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE IREC
+$ GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ SREC = IREC
+$ IPOS = F$LOCATE ("#",IREC)
+$ IF IPOS .NE. F$LENGTH (IREC) THEN IREC = F$EXTRACT (0,IPOS,IREC)
+$ IREC = F$EDIT (IREC,"COLLAPSE")
+$!
+$ IF IREC .EQS. ""
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE SREC
+$ GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF IREC .EQS. KEY
+$ THEN
+$ KEY_FOUND = 1
+$ WRITE /ERROR=WRITE_ERROR OFILE SREC
+$ GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1
+$ THEN
+$ IF F$EXTRACT (0,1,IREC) .EQS. "[" .AND. F$EXTRACT (F$LENGTH (IREC)-1,1,IREC) .EQS. "]"
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ WRITE /ERROR=WRITE_ERROR OFILE SREC
+$ ITM_FOUND = 1
+$ GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$!
+$ IF ITM .EQS. F$EDIT (F$ELEMENT (0,"=",IREC),"TRIM")
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ ITM_FOUND = 1
+$ GOTO SET_CONF_DATA_LOOP
+$ ENDIF
+$ ENDIF
+$!
+$ WRITE /ERROR=WRITE_ERROR OFILE SREC
+$!
+$ GOTO SET_CONF_DATA_LOOP
+$!
+$SET_CONF_DATA_END:
+$!
+$ IF KEY_FOUND .EQ. 0
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE "''KEY'"
+$ WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ ENDIF
+$!
+$ IF KEY_FOUND .EQ. 1 .AND. ITM_FOUND .EQ. 0
+$ THEN
+$ WRITE /ERROR=WRITE_ERROR OFILE "''ITM' = ''P4'"
+$ ENDIF
+$!
+$ CLOSE IFILE
+$ CLOSE OFILE
+$!
+$ RETURN
+$!
+$!------------------------------------------------------------------------------
+$! File Errors
+$!------------------------------------------------------------------------------
+$!
+$OPEN_ERROR:
+$!
+$ SAY "Open error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$READ_ERROR:
+$!
+$ SAY "Read error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$WRITE_ERROR:
+$!
+$ SAY "Write error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$CLOSE_ERROR:
+$!
+$ SAY "Close error for file ''P1' ... aborting ''P2'"
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE IFILE
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT 1
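Review bot: In GET_CONF_DATA the value is taken with `F$ELEMENT (1,"=",SREC)`, i.e. from the record before the `#` comment was stripped and only up to the second `=`, so a value containing `=` is truncated and a trailing `# comment` is returned as part of the value. Strip the comment first but do not COLLAPSE (that would destroy spaces inside the value), then take everything after the first `=`: `$ CREC = F$EXTRACT (0,F$LOCATE ("#",SREC),SREC)` followed by `$ VAL = F$EDIT (F$EXTRACT (F$LOCATE ("=",CREC)+1,F$LENGTH (CREC),CREC),"TRIM")`. SET_CONF_DATA writes P4 verbatim into `''ITM' = ''P4'`, so a value that itself contains `#` will be read back truncated by GET; that constraint belongs in the header comment on P4. The SET branch also turns a file-does-not-exist case into a silent CREATE, which is fine for this tool but worth a one-line comment at the `CREATE /NOLOG` line since it hides typos in P1.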
diff --git a/VMS/cert_tool/ssl$draw_box.com b/VMS/cert_tool/ssl$draw_box.com
new file mode 100644
index 000000000..58ced48d1
--- /dev/null
+++ b/VMS/cert_tool/ssl$draw_box.com
@@ -0,0 +1,109 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$DRAW_BOX.COM - SSL Draw Box procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure draws a box with the specified coordinates.
+$!
+$! The parameters used are:
+$!
+$! P1 - X1 coordinate
+$! P2 - Y1 coordinate
+$! P3 - X2 coordinate
+$! P4 - Y3 coordinate
+$! P5 - Box Header (Optional)
+$! P6 - Box Footer (Optional)
+$! P7 - Fill Box (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$ GRPH_ON[0,8] = 14 ! Turn GRAPHICS mode On
+$ GRPH_OFF[0,8] = 15 ! Turn GRAPHICS mode Off
+$ NORM = ESC + "[0m" ! Turn Attributes off
+$ BOLD = ESC + "[1m" ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Draw the box
+$!------------------------------------------------------------------------------
+$!
+$ X1 = F$INTEGER (P1)
+$ Y1 = F$INTEGER (P2)
+$ X2 = F$INTEGER (P3)
+$ Y2 = F$INTEGER (P4)
+$!
+$ ROW = Y1 + 1
+$ COL = X1 + 1
+$ SIDE1 = X1
+$ SIDE2 = X2 + 1
+$ TOP = "l" + F$FAO("!#*q", x2 - x1) + "k"
+$ BOT = "m" + F$FAO("!#*q", x2 - x1) + "j"
+$!
+$ SAY ESC + "[''Y1';''X1'H", BOLD, GRPH_ON, TOP, GRPH_OFF, NORM
+$!
+$SIDES:
+$!
+$ SAY ESC + "[''ROW';''SIDE1'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
+$ SAY ESC + "[''ROW';''SIDE2'H",BOLD,GRPH_ON,"x",GRPH_OFF,NORM
+$!
+$ IF ROW .LT. Y2
+$ THEN
+$ ROW = ROW + 1
+$ GOTO SIDES
+$ ENDIF
+$!
+$ SAY ESC + "[''Y2';''X1'H", BOLD, GRPH_ON, BOT, GRPH_OFF, NORM
+$!
+$ IF P5 .NES. ""
+$ THEN
+$ IF F$LENGTH(P5) .GT. X2 - X1
+$ THEN
+$ HEADER = F$EXTRACT (0, (X2 - X1 - 4), P5)
+$ ELSE
+$ HEADER = P5
+$ ENDIF
+$ COL = X1 + ((X2 - X1 - F$LENGTH(HEADER)) / 2)
+$ SAY ESC + "[''Y1';''COL'H''BOLD'''HEADER'''NORM'"
+$ ENDIF
+$!
+$ IF P6 .NES. ""
+$ THEN
+$ IF F$LENGTH(P6) .GT. X2 - X1
+$ THEN
+$ FOOTER = F$EXTRACT (0, (X2 - X1 - 4), P6)
+$ ELSE
+$ FOOTER = P6
+$ ENDIF
+$ COL = X1 + ((X2 - X1 - F$LENGTH(FOOTER)) / 2)
+$ SAY ESC + "[''Y2';''COL'H''BOLD'''FOOTER'''NORM'"
+$ ENDIF
+$!
+$ IF P7 .EQS. "" .OR. P7 .EQS. "Y" THEN FILL_BOX 'X1' 'Y1' 'X2' 'Y2'
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$exit_cmd.tpu b/VMS/cert_tool/ssl$exit_cmd.tpu
new file mode 100644
index 000000000..89f0dc1c8
--- /dev/null
+++ b/VMS/cert_tool/ssl$exit_cmd.tpu
@@ -0,0 +1 @@
+EXIT
diff --git a/VMS/cert_tool/ssl$fill_box.com b/VMS/cert_tool/ssl$fill_box.com
new file mode 100644
index 000000000..704ec6b4d
--- /dev/null
+++ b/VMS/cert_tool/ssl$fill_box.com
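Review bot: The header comment lists `P4 - Y3 coordinate` while the code reads P4 into Y2, so the line should read `$! P4 - Y2 coordinate`. The fill decision `P7 .EQS. "" .OR. P7 .EQS. "Y"` is case-sensitive, so a caller passing `y` silently gets no fill; comparing `F$EDIT (P7,"TRIM,UPCASE") .EQS. "Y"` would match the TRIM,UPCASE handling the other procedures in this series apply to parameters. `COL = X1 + 1` is assigned and then overwritten in both the header and footer branches before any use, so it can be dropped.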
@@ -0,0 +1,65 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$FILL_BOX.COM - SSL Fill Box procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure draws a box with the specified coordinates.
+$!
+$! The parameters used are:
+$!
+$! P1 - X1 coordinate
+$! P2 - Y1 coordinate
+$! P3 - X2 coordinate
+$! P4 - Y2 coordinate
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$!
+$!------------------------------------------------------------------------------
+$! Draw the box
+$!------------------------------------------------------------------------------
+$!
+$ X1 = F$INTEGER (P1)
+$ Y1 = F$INTEGER (P2)
+$ X2 = F$INTEGER (P3)
+$ Y2 = F$INTEGER (P4)
+$!
+$ ROW = Y1 + 1
+$ COL = X1 + 1
+$ FILL = F$FAO("!#* ", X2 - X1)
+$!
+$FILL_LOOP:
+$!
+$ IF ROW .LT. Y2
+$ THEN
+$ SAY ESC + "[''ROW';''COL'H",FILL
+$ ROW = ROW + 1
+$ GOTO FILL_LOOP
+$ ENDIF
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$hash_cert.com b/VMS/cert_tool/ssl$hash_cert.com
new file mode 100644
index 000000000..fef067731
--- /dev/null
+++ b/VMS/cert_tool/ssl$hash_cert.com
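Review bot: The description block says the procedure draws a box, which is copied from SSL$DRAW_BOX.COM; this one only writes blank rows, so it should read `$! This procedure blanks the interior of the box with the specified coordinates.` The FILL_LOOP writes rows from Y1+1 up to but not including Y2, which is the intended interior but is not stated anywhere; a comment at the `Draw the box` heading such as `$! Blank the rows strictly between the top and bottom borders` would spare the next reader a trace.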
@@ -0,0 +1,235 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$HASH_CERT.COM - SSL Hash Certificate procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure prompts the user through hashing Certificates.
+$!
+$! The parameters used are:
+$!
+$! P1 - Certificate or Certificate Revocation List (i.e. "CRT" or "CRL")
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE := DELETE
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
+$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
+$!
+$ INIT_TERM := @SSL$COM:SSL$INIT_TERM
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$ BELL[0,8] = 7 ! Ring the terminal Bell
+$ RED = 1 ! Color - Red
+$ FGD = 30 ! Foreground
+$ BGD = 0 ! Background
+$ CSCR = ESC + "[2J" ! Clear the Screen
+$ CEOS = ESC + "[0J" ! Clear to the End of the Screen
+$ CEOL = ESC + "[0K" ! Clear to the End of the Line
+$ NORM = ESC + "[0m" ! Turn Attributes off
+$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute
+$ WIDE = ESC + "#6" ! Turn on WIDE Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Run the SSL setup if it hasn't been run yet
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM ("SSL$ROOT") .EQS. ""
+$ THEN
+$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. ""
+$ THEN
+$ @SSL$COM:SSL$INIT_ENV.COM
+$ ELSE
+$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..."
+$ GOTO EXIT
+$ ENDIF
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ INIT_TERM
+$ BCOLOR = BGD
+$ FCOLOR = FGD + RED
+$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm"
+$!
+$ TEXT = "SSL Certificate Tool"
+$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
+$!
+$ SAY ESC + "[01;01H", CSCR
+$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN
+$ TEXT = "Hash Certification Authorities"
+$ ELSE
+$ TEXT = "Hash Certificate Revocations"
+$ ENDIF
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ SAY ESC + "[04;01H"
+$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
+$!
+$ CTR = 1
+$ ROW = 6
+$ COL = 2
+$ TOP_ROW = ROW
+$ MSG_ROW = TT_ROWS - 1
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the Request Data
+$!------------------------------------------------------------------------------
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN
+$ PRM = "Certificate Path:"
+$ DEF = "SSL$CRT:*.CRT"
+$ ENDIF
+$!
+$ IF P1 .EQS. "CRL"
+$ THEN
+$ PRM = "Certificate Revocation Path:"
+$ DEF = "SSL$CRT:*.CRL"
+$ ENDIF
+$!
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$!
+$!------------------------------------------------------------------------------
+$! Confirm/Update the SSL Configuration Data
+$!------------------------------------------------------------------------------
+$!
+$PROMPT_LOOP:
+$!
+$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'"
+$ ASK "''PROMPT'" _hash_path_name
+$ _hash_path_name = F$EDIT (_hash_path_name,"TRIM")
+$ IF _hash_path_name .EQS. "" THEN _hash_path_name = DEF
+$!
+$ HASH_DEV = F$PARSE (_hash_path_name,DEF,,"DEVICE")
+$ HASH_DIR = F$PARSE (_hash_path_name,DEF,,"DIRECTORY")
+$ HASH_NAM = F$PARSE (_hash_path_name,DEF,,"NAME")
+$ HASH_TYP = F$PARSE (_hash_path_name,DEF,,"TYPE")
+$ _hash_path_name = HASH_DEV + HASH_DIR + HASH_NAM + HASH_TYP
+$!
+$!------------------------------------------------------------------------------
+$! Create the Certificiate Hashes
+$!------------------------------------------------------------------------------
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Authorities ...", NORM, CEOL
+$ ENDIF
+$!
+$ IF P1 .EQS. "CRL"
+$ THEN
+$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Hashing Certificate Revocations ...", NORM, CEOL
+$ ENDIF
+$!
+$ IF F$SEARCH ("''HASH_DEV'''HASH_DIR'DELETE_HASH_FILES.COM") .NES. ""
+$ THEN
+$ @'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
+$ DELETE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM;*
+$ ENDIF
+$!
+$ CTR = 0
+$!
+$ OPEN /WRITE OFILE 'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM
+$!
+$CERT_LOOP:
+$!
+$ CERT_FILE = F$SEARCH ("''_hash_path_name'", 1)
+$ IF CERT_FILE .EQS. "" THEN GOTO CERT_END
+$ CTR = CTR + 1
+$!
+$ CALL HASH_CERT 'P1' 'CERT_FILE'
+$!
+$ GOTO CERT_LOOP
+$!
+$CERT_END:
+$!
+$ CLOSE OFILE
+$!
+$ IF CTR .EQ. 0
+$ THEN
+$ TEXT = "No files found, Press return to continue"
+$ ELSE
+$ TEXT = "Press return to continue"
+$ ENDIF
+$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
+$!
+$ IF CTR .EQ. 0
+$ THEN
+$ SAY BELL, ESC + "[''MSG_ROW';01H", CEOS
+$ ELSE
+$ SAY ESC + "[''MSG_ROW';01H", CEOS
+$ ENDIF
+$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
+$ ASK "''PROMPT'" OPT
+$!
+$ GOTO EXIT
+$!
+$!------------------------------------------------------------------------------
+$! Hash Certificate Subroutine
+$!------------------------------------------------------------------------------
+$!
+$HASH_CERT: SUBROUTINE
+$!
+$ IF P1 .EQS. "CRT"
+$ THEN
+$ HASH_SUFF = ""
+$ HASH_FUNC = "$SSL$EXE:OPENSSL X509 -HASH -NOOUT -IN"
+$ ELSE
+$ HASH_SUFF = "R"
+$ HASH_FUNC = "$SSL$EXE:OPENSSL CRL -HASH -NOOUT -IN"
+$ ENDIF
+$!
+$ PIPE HASH_FUNC 'P2' | (READ SYS$INPUT VAL ; DEFINE/NOLOG/JOB HASH_VAL &VAL)
+$ HASH_VAL = F$TRNLNM ("HASH_VAL")
+$ DEASSIGN /JOB HASH_VAL
+$!
+$ IDX = 0
+$!
+$IDX_LOOP:
+$!
+$ HASH_FILE = "''HASH_DEV'''HASH_DIR'''HASH_VAL'.''HASH_SUFF'''IDX'"
+$ IF F$SEARCH ("''HASH_FILE'") .NES. ""
+$ THEN
+$ IDX = IDX + 1
+$ GOTO IDX_LOOP
+$ ENDIF
+$!
+$ COPY 'P2' 'HASH_FILE'
+$ WRITE OFILE "$ DELETE ''HASH_FILE';*"
+$!
+$ EXIT
+$!
+$ ENDSUBOUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit the procedure
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$init_env.com b/VMS/cert_tool/ssl$init_env.com
new file mode 100644
index 000000000..bf9f509fa
--- /dev/null
+++ b/VMS/cert_tool/ssl$init_env.com
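Review bot: `$ ENDSUBOUTINE` closing the HASH_CERT subroutine is misspelled and should be `$ ENDSUBROUTINE`. The PIPE stores whatever OPENSSL printed in HASH_VAL without checking it, so when the hash command fails HASH_VAL is empty or an error text and the COPY creates a file such as `.0` in the certificate directory; validate before building HASH_FILE, e.g. `$ IF F$LENGTH (HASH_VAL) .NE. 8 THEN EXIT`. The procedure also executes `@'HASH_DEV''HASH_DIR'DELETE_HASH_FILES.COM` from a directory derived from the user's answer at PROMPT_LOOP, so any DCL placed in that file runs with the caller's privileges; deleting the previously hashed files directly, or at least documenting that the directory must be trusted and write-restricted, would be safer. The environment guard tests SSL$ROOT, but SSL$INIT_ENV.COM itself requires SSL$ROOT and is what defines SSL$CRT, so a session with SSL$ROOT set but INIT_ENV not yet run skips the setup and the `SSL$CRT:*.CRT` default fails; SSL$CERT_TOOL.COM tests SSL$CA_CONF for the same purpose, which is the logical that actually proves INIT_ENV has run.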
@@ -0,0 +1,61 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$INIT_ENV.COM - SSL Initialize Environment
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure sets up the SSL environment logicals & symbols.
+$!
+$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
+$! Note - if P1 is not passed in, P1 will default to PROCESS.
+$!
+$!------------------------------------------------------------------------------
+$! Initialization
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
+$ THEN
+$ WRITE SYS$OUTPUT " "
+$ WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
+$ WRITE SYS$OUTPUT " "
+$ WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
+$ WRITE SYS$OUTPUT " "
+$ EXIT
+$ ENDIF
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$ P1 = "/PROCESS"
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Define logicals
+$!------------------------------------------------------------------------------
+$!
+$ DEFINE 'P1 SSL$CA_CONF SSL$ROOT:[CONF]SSL$CA.CNF
+$ DEFINE 'P1 SSL$CONF SSL$ROOT:[CONF]SSL$CERT.CNF
+$ DEFINE 'P1 SSL$COM SSL$ROOT:[COM]
+$ DEFINE 'P1 SSL$CRT SSL$ROOT:[CERTS]
+$ DEFINE 'P1 SSL$CSR SSL$ROOT:[CERTS]
+$ DEFINE 'P1 SSL$KEY SSL$ROOT:[CERTS]
+$ DEFINE 'P1 SSL$DB SSL$ROOT:[PRIVATE]
+$!
+$!------------------------------------------------------------------------------
+$! Define foreign symbols
+$!------------------------------------------------------------------------------
+$!
+$ OPENSSL :== $ SSL$EXE:OPENSSL
+$ HOSTADDR :== $ SSL$EXE:SSL$HOSTADDR
+$ HOSTNAME :== $ SSL$EXE:SSL$HOSTNAME
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$init_term.com b/VMS/cert_tool/ssl$init_term.com
new file mode 100644
index 000000000..3af0eb52f
--- /dev/null
+++ b/VMS/cert_tool/ssl$init_term.com
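Review bot: The verify state saved by `$ Verify = F$VERIFY (0)` at the top is never restored — both the normal end of the procedure and the early exit in the SSL$ROOT check finish with a bare `$ EXIT`, unlike SSL$INIT_TERM.COM and SSL$PICK_FILE.COM in this commit, which end with `$ Verify = F$VERIFY (Verify)`. That early exit also returns a success status, and its caller in SSL$RQST_CERT.COM invokes this procedure precisely when SSL$ROOT is undefined, which is the condition rejected here, so the caller continues as if the environment had been set up; an explicit failure status such as `$ EXIT %X2C` on that path would make the condition detectable. SSL$KEY is defined to the same SSL$ROOT:[CERTS] directory as SSL$CRT and SSL$CSR, so the private key the request procedure writes under SSL$KEY inherits the protection of the public certificate directory; a comment stating the intended protection of [CERTS], or pointing SSL$KEY at the [PRIVATE] directory already used for SSL$DB, would make that assumption explicit.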
@@ -0,0 +1,55 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$INIT_TERM.COM - SSL Initialize Terminal procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure initializes the terminal attributes.
+$!
+$! The parameters used are:
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ EDIT := EDIT
+$!
+$!------------------------------------------------------------------------------
+$! Initialize the terminal with TPU
+$!------------------------------------------------------------------------------
+$!
+$ IF F$SEARCH ("SSL$COM:SSL$EXIT_CMD.TPU") .EQS. ""
+$ THEN
+$ OPEN /WRITE OFILE SSL$COM:SSL$EXIT_CMD.TPU
+$ WRITE OFILE "EXIT"
+$ CLOSE OFILE
+$ ENDIF
+$!
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$INPUT SYS$COMMAND
+$ EDIT /TPU /COMMAND=OPENSS$COM:SSL$EXIT_CMD.TPU
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$pick_file.com b/VMS/cert_tool/ssl$pick_file.com
new file mode 100644
index 000000000..0355ef742
--- /dev/null
+++ b/VMS/cert_tool/ssl$pick_file.com
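Review bot: The TPU command file is created as `SSL$COM:SSL$EXIT_CMD.TPU` but the editor is then run with `EDIT /TPU /COMMAND=OPENSS$COM:SSL$EXIT_CMD.TPU`, a different logical name, so unless OPENSS$COM happens to be defined the command file is not found, and because SYS$OUTPUT and SYS$ERROR are pointed at NL: for that image the failure is silent; the line should read `$ EDIT /TPU /COMMAND=SSL$COM:SSL$EXIT_CMD.TPU`. The EXIT label also issues `CLOSE OFILE` unconditionally, although OFILE is only opened (and already closed) inside the branch that creates the file, so the second CLOSE either warns or should be dropped. Creating the file under SSL$COM at run time further assumes the invoking user can write to the kit directory; shipping SSL$EXIT_CMD.TPU with the kit would remove that dependency. The description header reads `The parameters used are:` and lists none; `$! There are no parameters used.`, as in SSL$RQST_CERT.COM, states it.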
@@ -0,0 +1,230 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$PICK_FILE.COM - SSL Pick File procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure display the contents of a given file in a box size specified.
+$!
+$! The parameters used are:
+$!
+$! P1 - File Spec to Parse
+$! P2 - X1 coordinate
+$! P3 - Y1 coordinate
+$! P4 - X2 coordinate
+$! P5 - Y3 coordinate
+$! P6 - File Pick Header (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SSL_FILE_NAME == ""
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$ BELL[0,8] = 7 ! Ring the terminal Bell
+$ CEOL = ESC + "[0K" ! Clear to the End of the Line
+$ NORM = ESC + "[0m" ! Turn Attributes off
+$ BOLD = ESC + "[1m" ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ P1 = F$EDIT (P1, "TRIM")
+$ P2 = F$INTEGER (P2)
+$ P3 = F$INTEGER (P3)
+$ P4 = F$INTEGER (P4)
+$ P5 = F$INTEGER (P5)
+$ FILE_MAX = 0
+$!
+$SEARCH_LOOP:
+$!
+$ FILE = F$SEARCH ("''P1'",1)
+$ IF FILE .NES. ""
+$ THEN
+$ IF FILE_MAX .EQ. 1
+$ THEN
+$ IF FILE_1 .EQS. FILE THEN GOTO SEARCH_END
+$ ENDIF
+$ FILE_MAX = FILE_MAX + 1
+$ FILE_'FILE_MAX' = FILE
+$ GOTO SEARCH_LOOP
+$ ENDIF
+$!
+$SEARCH_END:
+$!
+$ IF FILE_MAX .EQ. 0
+$ THEN
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " No Files Found, Press Return to Exit "
+$ INPUT_ROW = P5 + 1
+$ PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$ ASK "''PROMPT'" OPT
+$ GOTO EXIT
+$ ENDIF
+$!
+$ COL = P2 + 2
+$ ROW = P3 + 2
+$ TOP_ROW = ROW
+$ INPUT_ROW = P5 + 1
+$ BOX_WIDTH = P4 - (P2 + 2)
+$ BOX_HEIGHT = P5 - (P3 + 3)
+$!
+$ FILE_CTR = 1
+$ PAGE_CTR = 1
+$ PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
+$ FILES_PER_PAGE = BOX_HEIGHT
+$ PAGE_MAX = FILE_MAX / FILES_PER_PAGE
+$ IF PAGE_MAX * FILES_PER_PAGE .LT. FILE_MAX THEN PAGE_MAX = PAGE_MAX + 1
+$!
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit or Enter a File Number "
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$!
+$DISPLAY_LOOP:
+$!
+$ IF FILE_CTR .LE. FILE_MAX .AND. F$TYPE (FILE_'FILE_CTR') .NES. ""
+$ THEN
+$ FILE = FILE_'FILE_CTR'
+$ ELSE
+$ FILE = ""
+$ ENDIF
+$ WRAP_IN_PROGRESS = 0
+$!
+$WRAP_LOOP:
+$!
+$ IF ROW .LE. (P5 - 2) .AND. -
+ FILE_CTR .LE. PAGE_CTR * FILES_PER_PAGE
+$ THEN
+$ IF F$LENGTH (FILE) .GT. BOX_WIDTH
+$ THEN
+$ IF WRAP_IN_PROGRESS .EQ. 0
+$ THEN
+$ CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
+$ WRAP_IN_PROGRESS = 1
+$ ELSE
+$ CTR_TXT = " "
+$ ENDIF
+$ FILE_SEG = F$EXTRACT (0, BOX_WIDTH - F$LENGTH (CTR_TXT), FILE)
+$ SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE_SEG'"
+$ FILE = F$EXTRACT (BOX_WIDTH - F$LENGTH (CTR_TXT), F$LENGTH (FILE) - (BOX_WIDTH + F$LENGTH (CTR_TXT)), FILE)
+$ ROW = ROW + 1
+$ GOTO WRAP_LOOP
+$ ELSE
+$ IF FILE .NES. ""
+$ THEN
+$ IF WRAP_IN_PROGRESS .EQ. 0
+$ THEN
+$ CTR_TXT = F$FAO ("!3UL. ",FILE_CTR)
+$ ELSE
+$ CTR_TXT = " "
+$ ENDIF
+$ SAY ESC + "[''ROW';''COL'H''BOLD'''CTR_TXT'''NORM'''FILE'"
+$ ENDIF
+$ ENDIF
+$ ELSE
+$!
+$RETRY:
+$!
+$ PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$ ASK "''PROMPT'" OPT
+$ IF F$TYPE (OPT) .NES. "INTEGER" .AND. -
+ F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
+ F$EDIT (OPT,"TRIM,UPCASE") .NES. "N"
+$ THEN
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ IF F$TYPE (OPT) .EQS. "INTEGER"
+$ THEN
+$ IF OPT .GT. 0 .AND. -
+ OPT .LE. FILE_MAX .AND. -
+ OPT .LE. (FILE_CTR - 1) .AND. -
+ OPT .GE. (FILE_CTR - 1 - FILES_PER_PAGE)
+$ THEN
+$ SSL_FILE_NAME == FILE_'OPT'
+$ GOTO EXIT
+$ ELSE
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ ENDIF
+$ IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
+$ THEN
+$ IF PAGE_CTR .GT. 1
+$ THEN
+$ ROW = TOP_ROW
+$ PAGE_CTR = PAGE_CTR - 1
+$ FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ GOTO DISPLAY_LOOP
+$ ELSE
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ ENDIF
+$ IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
+$ THEN
+$ IF PAGE_CTR .LT. PAGE_MAX
+$ THEN
+$ PAGE_CTR = PAGE_CTR + 1
+$ PAGE_'PAGE_CTR'_FILE_CTR = FILE_CTR
+$ FILE_CTR = PAGE_'PAGE_CTR'_FILE_CTR
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ ELSE
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ ENDIF
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ ROW = TOP_ROW
+$ GOTO WRAP_LOOP
+$ ENDIF
+$ FILE_CTR = FILE_CTR + 1
+$ ROW = ROW + 1
+$ GOTO DISPLAY_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''INPUT_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$rem_env.com b/VMS/cert_tool/ssl$rem_env.com
new file mode 100644
index 000000000..6b8332f3c
--- /dev/null
+++ b/VMS/cert_tool/ssl$rem_env.com
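Review bot: The wrap branch of WRAP_LOOP drops the tail of long file names: after displaying the first `BOX_WIDTH - F$LENGTH (CTR_TXT)` characters, the remainder is extracted with length `F$LENGTH (FILE) - (BOX_WIDTH + F$LENGTH (CTR_TXT))`, which is short by twice the counter width, so the last characters of every wrapped name are never shown and a name that wraps can look like a different file; the line should be `$ FILE = F$EXTRACT (BOX_WIDTH - F$LENGTH (CTR_TXT), F$LENGTH (FILE) - (BOX_WIDTH - F$LENGTH (CTR_TXT)), FILE)`. The numeric-selection test `OPT .GE. (FILE_CTR - 1 - FILES_PER_PAGE)` appears to accept one index below the first entry of a full page, i.e. the last number of the previous page, which is not on screen; `.GT.` matches the displayed range. The parameter list in the header says `P5 - Y3 coordinate` where the other three coordinates suggest `Y2`.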
@@ -0,0 +1,62 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$REM_ENV.COM - Remove the SSL Initialize Environment
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure deletes the SSL environment logicals & symbols set up by
+$! SSL$INIT_ENV.COM.
+$!
+$! P1 = Mode of the logicals (ie - "/SYSTEM/EXECUTIVE_MODE").
+$! Note - if P1 is not passed in, P1 will default to PROCESS.
+$!
+$!------------------------------------------------------------------------------
+$! Initialization
+$!------------------------------------------------------------------------------
+$!
+$ IF F$TRNLNM("SSL$ROOT") .EQS. ""
+$ THEN
+$ WRITE SYS$OUTPUT " "
+$ WRITE SYS$OUTPUT " SSL-E-ERROR, SSL has not been started."
+$ WRITE SYS$OUTPUT " "
+$ WRITE SYS$OUTPUT " Execute the command procedure, SYS$STARTUP:SSL$STARTUP.COM, and then try this procedure again."
+$ WRITE SYS$OUTPUT " "
+$ EXIT
+$ ENDIF
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$ P1 = "/PROCESS"
+$ ENDIF
+$!
+$!------------------------------------------------------------------------------
+$! Define logicals
+$!------------------------------------------------------------------------------
+$!
+$ DEASSIGN 'P1 SSL$CA_CONF
+$ DEASSIGN 'P1 SSL$CONF
+$ DEASSIGN 'P1 SSL$COM
+$ DEASSIGN 'P1 SSL$CRT
+$ DEASSIGN 'P1 SSL$CSR
+$ DEASSIGN 'P1 SSL$KEY
+$ DEASSIGN 'P1 SSL$DB
+$!
+$!------------------------------------------------------------------------------
+$! Define foreign symbols
+$!------------------------------------------------------------------------------
+$!
+$ DELETE/SYMBOL/GLOBAL OPENSSL
+$ DELETE/SYMBOL/GLOBAL HOSTADDR
+$ DELETE/SYMBOL/GLOBAL HOSTNAME
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$rqst_cert.com b/VMS/cert_tool/ssl$rqst_cert.com
new file mode 100644
index 000000000..1b6000107
--- /dev/null
+++ b/VMS/cert_tool/ssl$rqst_cert.com
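Review bot: The section headers are carried over from SSL$INIT_ENV.COM and still read `Define logicals` and `Define foreign symbols` although the sections deassign and delete; `$! Deassign logicals` and `$! Delete foreign symbols` describe what the code does. The three `DELETE/SYMBOL/GLOBAL` lines run unguarded, so a second invocation, or one after a partial setup, emits undefined-symbol warnings that `Set NoOn` only keeps from aborting; the guard already used by DEL_USER_DATA in SSL$RQST_CERT.COM, `IF F$TYPE (OPENSSL) .NES. "" THEN DELETE /SYMBOL /GLOBAL OPENSSL`, avoids that. As in SSL$INIT_ENV.COM, the verify setting saved by `F$VERIFY (0)` is not restored before the final `$ EXIT`, while the other procedures in this commit end with `$ Verify = F$VERIFY (Verify)`.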
@@ -0,0 +1,769 @@ +$! +$!------------------------------------------------------------------------------ +$! SSL$RQST_CERT.COM - SSL Certificate Request procedure +$!------------------------------------------------------------------------------ +$! +$ Verify = F$VERIFY (0) +$ Set NoOn +$ Set NoControl=Y +$! +$!------------------------------------------------------------------------------ +$! Description +$!------------------------------------------------------------------------------ +$! +$! This procedure prompts the user through creating a Certificate Request. +$! +$! There are no parameters used. +$! +$!------------------------------------------------------------------------------ +$! Define symbols +$!------------------------------------------------------------------------------ +$! +$ DELETE := DELETE +$ SAY := WRITE SYS$OUTPUT +$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT= +$ PID = F$GETJPI ("","PID") +$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO") +$ On Control_Y THEN GOTO EXIT +$ Set Control=Y +$! +$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE") +$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ") +$! +$ GET_USER_DATA := CALL GET_USER_DATA +$ SET_USER_DATA := CALL SET_USER_DATA +$ DEL_USER_DATA := CALL DEL_USER_DATA +$ INIT_TERM := @SSL$COM:SSL$INIT_TERM +$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE +$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF") +$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET +$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET +$! +$ ESC[0,8] = 27 ! Set the Escape Character +$ BELL[0,8] = 7 ! Ring the terminal Bell +$ RED = 1 ! Color - Red +$ FGD = 30 ! Foreground +$ BGD = 0 ! Background +$ CSCR = ESC + "[2J" ! Clear the Screen +$ CEOS = ESC + "[0J" ! Clear to the End of the Screen +$ CEOL = ESC + "[0K" ! Clear to the End of the Line +$ NORM = ESC + "[0m" ! Turn Attributes off +$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute +$ WIDE = ESC + "#6" ! Turn on WIDE Attribute +$! 
+$!------------------------------------------------------------------------------ +$! Run the SSL setup if it hasn't been run yet +$!------------------------------------------------------------------------------ +$! +$ IF F$TRNLNM ("SSL$ROOT") .EQS. "" +$ THEN +$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. "" +$ THEN +$ @SSL$COM:SSL$INIT_ENV.COM +$ ELSE +$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..." +$ GOTO EXIT +$ ENDIF +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Display the Page Header +$!------------------------------------------------------------------------------ +$! +$ INIT_TERM +$ BCOLOR = BGD +$ FCOLOR = FGD + RED +$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm" +$! +$ TEXT = "SSL Certificate Tool" +$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4 +$! +$ SAY ESC + "[01;01H", CSCR +$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM +$! +$ TEXT = "Create Certificate Request" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[04;01H" +$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM +$! +$ ROW = 6 +$ COL = 2 +$ TOP_ROW = ROW +$ MSG_ROW = TT_ROWS - 1 +$! +$!------------------------------------------------------------------------------ +$! Initialize the Request Data +$!------------------------------------------------------------------------------ +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM +$ ELSE +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM +$ ENDIF +$! +$ _request_name = "req" +$! +$ _distinguished_name = "REQ_distinguished_name" +$ _distinguished_name_upd = "Y" +$! +$ _default_bits = "1024" +$ _default_bits_upd = "Y" +$! +$ _default_keyfile = "SSL$KEY:SERVER.KEY" +$ _default_keyfile_upd = "Y" +$! +$ _default_csrfile = "SSL$CSR:SERVER.CSR" +$ _default_csrfile_upd = "Y" +$! +$ _countryName_prompt = "Country Name ?" 
+$ _countryName_min = "2" +$ _countryName_max = "2" +$ _countryName_default = "US" +$ _countryName_upd = "Y" +$ _countryName_cnt = 4 +$! +$ _stateOrProvinceName_prompt = "State or Province Name ?" +$ _stateOrProvinceName_default = "" +$ _stateOrProvinceName_upd = "Y" +$ _stateOrProvinceName_cnt = 2 +$! +$ _localityName_prompt = "City Name ?" +$ _localityName_default = "" +$ _localityName_upd = "Y" +$ _localityName_cnt = 2 +$! +$ _0organizationName_prompt = "Organization Name ?" +$ _0organizationName_default = "" +$ _0organizationName_upd = "Y" +$ _0organizationName_cnt = 2 +$! +$ _organizationalUnitName_prompt = "Organization Unit Name ?" +$ _organizationalUnitName_default = "" +$ _organizationalUnitName_upd = "Y" +$ _organizationalUnitName_cnt = 2 +$! +$ _commonName_prompt = "Common Name ?" +$ _commonName_max = "64" +$ HOSTNAME -s _commonName_default +$ _commonName_upd = "Y" +$ _commonName_cnt = 3 +$! +$ _emailAddress_prompt = "Email Address ?" +$ _emailAddress_max = "40" +$ _emailAddress_default = "webmaster@''_commonName_default'" +$ _emailAddress_upd = "Y" +$ _emailAddress_cnt = 3 +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ GET_CONF_DATA "[''_request_name']#distinguished_name" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _distinguished_name = SSL_CONF_DATA +$ _distinguished_name_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_bits" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_bits = SSL_CONF_DATA +$ _default_bits_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_keyfile" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") +$ _default_keyfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_csrfile" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _default_csrfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[CSR]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".CSR",,"TYPE") +$ _default_csrfile_upd = "N" +$ ENDIF +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#countryName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_min" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_min = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _countryName_cnt .EQ. CTR THEN _countryName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _stateOrProvinceName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _stateOrProvinceName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#localityName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _localityName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#localityName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _localityName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _localityName_cnt .EQ. CTR THEN _localityName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _0organizationName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _0organizationName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#commonName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _commonName_cnt .EQ. CTR THEN _commonName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_upd = "N" +$ ENDIF +$! 
+$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N" +$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y" +$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_csrfile#D#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N" +$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''_countryName_max'#''_countryName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'#S###''_stateOrProvinceName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt'#S###''_organizationUnitName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N" +$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N" +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! 
Confirm/Update the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$! +$PROMPT_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$! +$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key +$! +$ IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase" +$ THEN +$ GET_USER_DATA "[]#encrypt_key" +$ _encrypt_key = SSL_USER_DATA +$ IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$! +$ CONFIRMED = 0 +$ IF REQ .EQS. "N" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF ROW .GT. MSG_ROW - 2 +$ THEN +$ SAY ESC + "[''TOP_ROW';01H", CEOS +$ ROW = TOP_ROW +$ ENDIF +$! +$CONFIRM_LOOP: +$! +$ IF PRM .EQS. "" +$ THEN +$ PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'" +$ ELSE +$ PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'" +$ ENDIF +$ IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO +$ ASK "''PROMPT'" ANS /END_OF_FILE=EXIT +$ IF TYP .EQS. "P" THEN SET TERMINAL /ECHO +$ ANS = F$EDIT (ANS,"TRIM") +$ IF ANS .EQS. "" THEN ANS = DEF +$ IF TYP .EQS. "F" +$ THEN +$ ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY") +$ ENDIF +$ IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. 
"INTEGER" +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. - + ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. - + (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX))) +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP +$ IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP +$ ENDIF +$ ROW = ROW + 1 +$ IF CFM .EQS. "Y" +$ THEN +$ IF CONFIRMED .EQ. 0 +$ THEN +$ CONFIRMED = 1 +$ CONFIRMED_ANS = ANS +$ PRM = "Confirm ''PRM'" +$ GOTO CONFIRM_LOOP +$ ELSE +$ IF ANS .NES. CONFIRMED_ANS +$ THEN +$ CALL INVALID_ENTRY +$ ROW = ROW - 2 +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$ ENDIF +$ IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'" +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Save the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM +$! +$SAVE_CONF_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? 
+$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ IF UPD .NES. "Y" .OR. VAL .EQS. "-" +$ THEN +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$ IF VAL .EQS. "D" +$ THEN +$ SET_CONF_DATA "''KEY'#''ITM'" "''DEF'" +$ ELSE +$ SET_CONF_DATA "''KEY'#''ITM'" "''PRM'" +$ SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'" +$ ENDIF +$ IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'" +$ IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'" +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$! +$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE' +$ RENAME 'SSL_CONF_FILE'; ;1 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Create the Server Certificiate +$!------------------------------------------------------------------------------ +$! +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Certificate Request ...", NORM +$! +$ X1 = 2 +$ Y1 = TOP_ROW +$ X2 = TT_COLS - 2 +$ Y2 = MSG_ROW - 1 +$! +$ GET_USER_DATA "[]#encrypt_key" +$ _encrypt_key = SSL_USER_DATA +$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y" +$ THEN +$ GET_USER_DATA "[]#pem_pass_phrase" +$ _pem_pass_phrase = SSL_USER_DATA +$ ENDIF +$ GET_USER_DATA "[req]#default_bits" +$ _default_bits = SSL_USER_DATA +$ GET_USER_DATA "[req]#default_keyfile" +$ _default_keyfile = SSL_USER_DATA +$ GET_USER_DATA "[req]#default_csrfile" +$ _default_csrfile = SSL_USER_DATA +$ GET_USER_DATA "[]#display_certificate" +$ _display_certificate = SSL_USER_DATA +$! +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.RND +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_GENRSA_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_GENRSA_''PID'.RND" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_GENRSA_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_GENRSA_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ IF _encrypt_key .EQS. "Y" +$ THEN +$ WRITE OFILE "$ OPENSSL genrsa -des3 -out ''_default_keyfile' ''_default_bits'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ ELSE +$ WRITE OFILE "$ OPENSSL genrsa -out ''_default_keyfile' ''_default_bits'" +$ ENDIF +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_GENRSA_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.RND;* +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_GENRSA_'PID'.LOG /OUT=SYS$LOGIN:SSL_GENRSA_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_GENRSA_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_GENRSA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.ERR;* +$ ENDIF +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.LOG;* +$! +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_REQ_''PID'.RND" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ IF _encrypt_key .EQS. "Y" +$ THEN +$ WRITE OFILE "$ OPENSSL req -new -config ''SSL_CONF_FILE' -key ''_default_keyfile' -out ''_default_csrfile'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ ELSE +$ WRITE OFILE "$ OPENSSL req -new -nodes -config ''SSL_CONF_FILE' -keyout ''_default_keyfile' -out ''_default_csrfile'" +$ ENDIF +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_REQ_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ ENDIF +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$! +$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL req -noout -text -config ''SSL_CONF_FILE' -in ''_default_csrfile'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_REQ_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_csrfile' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$! +$ TEXT = "Press return to continue" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'" +$ ASK "''PROMPT'" OPT +$! +$GOTO EXIT +$! +$!------------------------------------------------------------------------------ +$! Set the User Data +$!------------------------------------------------------------------------------ +$! +$SET_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" +$ THEN +$ SSL_USER_DATA_MAX == 1 +$ ELSE +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1 +$ ENDIF +$! +$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'" +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! 
+$!------------------------------------------------------------------------------ +$! Get the User Data +$!------------------------------------------------------------------------------ +$! +$GET_USER_DATA: SUBROUTINE +$! +$ CTR = 1 +$ USER_KEY = F$ELEMENT (0,"#",P1) +$ USER_ITM = F$ELEMENT (1,"#",P1) +$! +$GET_USER_DATA_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM +$ THEN +$ CTR = CTR + 1 +$ GOTO GET_USER_DATA_LOOP +$ ENDIF +$ IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'" +$ ENDIF +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Delete the User Data +$!------------------------------------------------------------------------------ +$! +$DEL_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END +$! +$DEL_USER_DATA_LOOP: +$! +$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" +$ THEN +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX' +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1 +$ GOTO DEL_USER_DATA_LOOP +$ ENDIF +$! +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX +$! +$DEL_USER_DATA_END: +$! +$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Display the invalid entry +$!------------------------------------------------------------------------------ +$! +$INVALID_ENTRY: SUBROUTINE +$! 
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$!
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_GENRSA_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_GENRSA_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$self_cert.com b/VMS/cert_tool/ssl$self_cert.com
new file mode 100644
index 000000000..6ccb9e094
--- /dev/null
+++ b/VMS/cert_tool/ssl$self_cert.com
@@ -0,0 +1,725 @@ +$! +$!------------------------------------------------------------------------------ +$! SSL$SELF_CERT.COM - SSL Self Signed Certificate procedure +$!------------------------------------------------------------------------------ +$! +$ Verify = F$VERIFY (0) +$ Set NoOn +$ Set NoControl=Y +$! +$!------------------------------------------------------------------------------ +$! Description +$!------------------------------------------------------------------------------ +$! +$! This procedure prompts the user through creating a Server Certificate. +$! +$! There are no parameters used. +$! +$!------------------------------------------------------------------------------ +$! Define symbols +$!------------------------------------------------------------------------------ +$! +$ DELETE := DELETE +$ SAY := WRITE SYS$OUTPUT +$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT= +$ PID = F$GETJPI ("","PID") +$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO") +$ On Control_Y THEN GOTO EXIT +$ Set Control=Y +$! +$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE") +$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ") +$! +$ GET_USER_DATA := CALL GET_USER_DATA +$ SET_USER_DATA := CALL SET_USER_DATA +$ DEL_USER_DATA := CALL DEL_USER_DATA +$ INIT_TERM := @SSL$COM:SSL$INIT_TERM +$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE +$ SSL_CONF_FILE = F$TRNLNM ("SSL$CONF") +$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET +$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET +$! +$ ESC[0,8] = 27 ! Set the Escape Character +$ BELL[0,8] = 7 ! Ring the terminal Bell +$ RED = 1 ! Color - Red +$ FGD = 30 ! Foreground +$ BGD = 0 ! Background +$ CSCR = ESC + "[2J" ! Clear the Screen +$ CEOS = ESC + "[0J" ! Clear to the End of the Screen +$ CEOL = ESC + "[0K" ! Clear to the End of the Line +$ NORM = ESC + "[0m" ! Turn Attributes off +$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute +$ WIDE = ESC + "#6" ! Turn on WIDE Attribute +$! 
+$!------------------------------------------------------------------------------ +$! Run the SSL setup if it hasn't been run yet +$!------------------------------------------------------------------------------ +$! +$ IF F$TRNLNM ("SSL$ROOT") .EQS. "" +$ THEN +$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. "" +$ THEN +$ @SSL$COM:SSL$INIT_ENV.COM +$ ELSE +$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..." +$ GOTO EXIT +$ ENDIF +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Display the Page Header +$!------------------------------------------------------------------------------ +$! +$ INIT_TERM +$ BCOLOR = BGD +$ FCOLOR = FGD + RED +$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm" +$! +$ TEXT = "SSL Certificate Tool" +$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4 +$! +$ SAY ESC + "[01;01H", CSCR +$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM +$! +$ TEXT = "Create Self-Signed Certificate" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[04;01H" +$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM +$! +$ ROW = 6 +$ COL = 2 +$ TOP_ROW = ROW +$ MSG_ROW = TT_ROWS - 1 +$! +$!------------------------------------------------------------------------------ +$! Initialize the Request Data +$!------------------------------------------------------------------------------ +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM +$ ELSE +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM +$ ENDIF +$! +$ _request_name = "req" +$! +$ _distinguished_name = "REQ_distinguished_name" +$ _distinguished_name_upd = "Y" +$! +$ _default_bits = "1024" +$ _default_bits_upd = "Y" +$! +$ _default_keyfile = "SSL$KEY:SERVER.KEY" +$ _default_keyfile_upd = "Y" +$! +$ _default_crtfile = "SSL$CRT:SERVER.CRT" +$ _default_crtfile_upd = "Y" +$! +$ _countryName_prompt = "Country Name ?" 
+$ _countryName_min = "2" +$ _countryName_max = "2" +$ _countryName_default = "US" +$ _countryName_upd = "Y" +$ _countryName_cnt = 4 +$! +$ _stateOrProvinceName_prompt = "State or Province Name ?" +$ _stateOrProvinceName_default = "" +$ _stateOrProvinceName_upd = "Y" +$ _stateOrProvinceName_cnt = 2 +$! +$ _localityName_prompt = "City Name ?" +$ _localityName_default = "" +$ _localityName_upd = "Y" +$ _localityName_cnt = 2 +$! +$ _0organizationName_prompt = "Organization Name ?" +$ _0organizationName_default = "" +$ _0organizationName_upd = "Y" +$ _0organizationName_cnt = 2 +$! +$ _organizationalUnitName_prompt = "Organization Unit Name ?" +$ _organizationalUnitName_default = "" +$ _organizationalUnitName_upd = "Y" +$ _organizationalUnitName_cnt = 2 +$! +$ _commonName_prompt = "Common Name ?" +$ _commonName_max = "64" +$ HOSTNAME -s _commonName_default +$ _commonName_upd = "Y" +$ _commonName_cnt = 3 +$! +$ _emailAddress_prompt = "Email Address ?" +$ _emailAddress_max = "40" +$ _emailAddress_default = "webmaster@''_commonName_default'" +$ _emailAddress_upd = "Y" +$ _emailAddress_cnt = 3 +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ GET_CONF_DATA "[''_request_name']#distinguished_name" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _distinguished_name = SSL_CONF_DATA +$ _distinguished_name_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_bits" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_bits = SSL_CONF_DATA +$ _default_bits_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_keyfile" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") +$ _default_keyfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_request_name']#default_crtfile" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") +$ _default_crtfile_upd = "N" +$ ENDIF +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#countryName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_min" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_min = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#countryName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _countryName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _countryName_cnt .EQS. CTR THEN _countryName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _stateOrProvinceName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#stateOrProvinceName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _stateOrProvinceName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _stateOrProvinceName_cnt .EQ. CTR THEN _stateOrProvinceName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#localityName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _localityName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#localityName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _localityName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _localityName_cnt .EQ. CTR THEN _localityName_default_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _0organizationName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#0.organizationName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _0organizationName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _0organizationName_cnt .EQ. CTR THEN _0organizationName_default_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#organizationalUnitName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _organizationalUnitName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _organizationalUnitName_cnt .EQ. CTR THEN _organizationalUnitName_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#commonName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#commonName_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _commonName_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _commonName_cnt .EQ. CTR THEN _commonName_default_upd = "N" +$! +$ CTR = 0 +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_prompt = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress_max" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_max = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ GET_CONF_DATA "[''_distinguished_name']#emailAddress_default" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _emailAddress_default = SSL_CONF_DATA +$ CTR = CTR + 1 +$ ENDIF +$ IF _emailAddress_cnt .EQ. CTR THEN _emailAddress_default_upd = "N" +$ ENDIF +$! 
+$ SET_USER_DATA "[]#encrypt_key#-#N#Encrypt Private Key ?#S##1##Y#N" +$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#Y" +$ SET_USER_DATA "[''_request_name']#default_bits#D#''_default_bits'#Encryption Bits ?#I###''_default_bits_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_keyfile#D#''_default_keyfile'#Certificate Key File ?#F###''_default_keyfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#default_crtfile#D#''_default_crtfile'#Certificate File ?#F###''_default_crtfile_upd'#Y#N" +$ SET_USER_DATA "[''_request_name']#distinguished_name#D#''_distinguished_name'##S###''_distinguished_name_upd'#N#N" +$ SET_USER_DATA "[''_distinguished_name']#countryName#P#''_countryName_default'#''_countryName_prompt'#S#''_countryName_min'#''#''_countryName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#stateOrProvinceName#P#''_stateOrProvinceName_default'#''_stateOrProvinceName_prompt'####''_stateOrProvinceName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#localityName#P#''_localityName_default'#''_localityName_prompt'#S###''_localityName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#0.organizationName#P#''_0organizationName_default'#''_0organizationName_prompt'#S###''_0organizationalName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#organizationalUnitName#P#''_organizationalUnitName_default'#''_organizationalUnitName_prompt#S###''_organizationalUnitName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#commonName#P#''_commonName_default'#''_commonName_prompt'#S##''_commonName_max'#''_commonName_upd'#Y#N" +$ SET_USER_DATA "[''_distinguished_name']#emailAddress#P#''_emailAddress_default'#''_emailAddress_prompt'#S##''_emailAddress_max'#''_emailAddress_upd'#Y#N" +$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N" +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! 
Confirm/Update the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$! +$PROMPT_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$! +$! The PEM Pass Phrase prompt is dependant on the answer to encrypt the private key +$! +$ IF KEY .EQS. "[]" .AND. ITM .EQS. "pem_pass_phrase" +$ THEN +$ GET_USER_DATA "[]#encrypt_key" +$ _encrypt_key = SSL_USER_DATA +$ IF F$EDIT (_encrypt_key,"UPCASE") .NES. "Y" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$! +$ CONFIRMED = 0 +$ IF REQ .EQS. "N" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF ROW .GT. MSG_ROW - 2 +$ THEN +$ SAY ESC + "[''TOP_ROW';01H", CEOS +$ ROW = TOP_ROW +$ ENDIF +$! +$CONFIRM_LOOP: +$! +$ IF PRM .EQS. "" +$ THEN +$ PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'" +$ ELSE +$ PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'" +$ ENDIF +$ IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO +$ ASK "''PROMPT'" ANS /END_OF_FILE=EXIT +$ IF TYP .EQS. "P" THEN SET TERMINAL /ECHO +$ ANS = F$EDIT (ANS,"TRIM") +$ IF ANS .EQS. "" THEN ANS = DEF +$ IF TYP .EQS. "F" +$ THEN +$ ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY") +$ ENDIF +$ IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. 
"INTEGER" +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. - + ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. - + (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX))) +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP +$ IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP +$ ENDIF +$ ROW = ROW + 1 +$ IF CFM .EQS. "Y" +$ THEN +$ IF CONFIRMED .EQ. 0 +$ THEN +$ CONFIRMED = 1 +$ CONFIRMED_ANS = ANS +$ PRM = "Confirm ''PRM'" +$ GOTO CONFIRM_LOOP +$ ELSE +$ IF ANS .NES. CONFIRMED_ANS +$ THEN +$ CALL INVALID_ENTRY +$ ROW = ROW - 2 +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$ ENDIF +$ IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'" +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Save the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM +$! +$SAVE_CONF_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? 
+$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ IF UPD .NES. "Y" .OR. VAL .EQS. "-" +$ THEN +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$ IF VAL .EQS. "D" +$ THEN +$ SET_CONF_DATA "''KEY'#''ITM'" "''DEF'" +$ ELSE +$ SET_CONF_DATA "''KEY'#''ITM'" "''PRM'" +$ SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'" +$ ENDIF +$ IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'" +$ IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'" +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$! +$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE' +$ RENAME 'SSL_CONF_FILE'; ;1 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Create the Server Certificiate +$!------------------------------------------------------------------------------ +$! +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating Self-Signed Certificate ...", NORM +$! +$ X1 = 2 +$ Y1 = TOP_ROW +$ X2 = TT_COLS - 2 +$ Y2 = MSG_ROW - 1 +$! +$ GET_USER_DATA "[]#encrypt_key" +$ _encrypt_key = SSL_USER_DATA +$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y" +$ THEN +$ GET_USER_DATA "[]#pem_pass_phrase" +$ _pem_pass_phrase = SSL_USER_DATA +$ ENDIF +$ GET_USER_DATA "[''_request_name']#default_bits" +$ _default_bits = SSL_USER_DATA +$ GET_USER_DATA "[''_request_name']#default_keyfile" +$ _default_keyfile = SSL_USER_DATA +$ GET_USER_DATA "[''_request_name']#default_crtfile" +$ _default_crtfile = SSL_USER_DATA +$ GET_USER_DATA "[]#display_certificate" +$ _display_certificate = SSL_USER_DATA +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_REQ_'PID'.RND +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_REQ_''PID'.RND" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ IF F$EDIT (_encrypt_key,"UPCASE") .EQS. "Y" +$ THEN +$ WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ ELSE +$ WRITE OFILE "$ OPENSSL req -config ''SSL_CONF_FILE' -nodes -new -days 365 -x509 -keyout ''_default_keyfile' -out ''_default_crtfile'" +$ ENDIF +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ WRITE OFILE "" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_REQ_'PID'.COM +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ ENDIF +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$! +$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_crtfile'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_X509_'PID'.COM +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crtfile' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$! +$ TEXT = "Press return to continue" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'" +$ ASK "''PROMPT'" OPT +$! +$GOTO EXIT +z$! +$!------------------------------------------------------------------------------ +$! Set the User Data +$!------------------------------------------------------------------------------ +$! +$SET_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" +$ THEN +$ SSL_USER_DATA_MAX == 1 +$ ELSE +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1 +$ ENDIF +$! +$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'" +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! 
+$!------------------------------------------------------------------------------ +$! Find the Request Data +$!------------------------------------------------------------------------------ +$! +$GET_USER_DATA: SUBROUTINE +$! +$ CTR = 1 +$ USER_KEY = F$ELEMENT (0,"#",P1) +$ USER_ITM = F$ELEMENT (1,"#",P1) +$! +$GET_USER_DATA_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM +$ THEN +$ CTR = CTR + 1 +$ GOTO GET_USER_DATA_LOOP +$ ENDIF +$ IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'" +$ ENDIF +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Delete the User Data +$!------------------------------------------------------------------------------ +$! +$DEL_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END +$! +$DEL_USER_DATA_LOOP: +$! +$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" +$ THEN +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX' +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1 +$ GOTO DEL_USER_DATA_LOOP +$ ENDIF +$! +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX +$! +$DEL_USER_DATA_END: +$! +$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Display the invalid entry +$!------------------------------------------------------------------------------ +$! +$INVALID_ENTRY: SUBROUTINE +$! 
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''MSG_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$!
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE OFILE
+$!
+$ DEL_USER_DATA
+$!
+$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA
+$!
+$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
+$!
+$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;*
+$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;*
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$show_file.com b/VMS/cert_tool/ssl$show_file.com
new file mode 100644
index 000000000..a8eecbebe
--- /dev/null
+++ b/VMS/cert_tool/ssl$show_file.com
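Review bot: The PEM pass phrase is written in cleartext into the scratch command file (`$ WRITE OFILE "''_pem_pass_phrase'"`, twice, after `OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM`) under whatever default file protection the process happens to have, and the file is later removed with a plain DELETE, so the secret sits readable on disk for the whole OpenSSL run and is never scrubbed. Lower the default protection before the OPEN, `$ SET PROTECTION=(S:RWED,O:RWED,G,W)/DEFAULT` (saving F$ENVIRONMENT("PROTECTION") first and restoring it at EXIT), and use `$ DELETE /ERASE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;*` both here and in the `.%%%;*` cleanup at EXIT. The same `''_pem_pass_phrase'` expansion happens before the WRITE line is parsed, so a pass phrase containing a double quote corrupts the generated command file; the pass-phrase prompt should reject that character or the value should be escaped. Separately, RANDFILE is seeded solely from `SHOW SYSTEM /FULL` output, which is mostly predictable process-list data; if this OpenSSL build has no other entropy source the generated key inherits that weakness, and the choice deserves at least a comment. The `z$!` line after `$GOTO EXIT` looks like a stray keystroke; it is never executed but should read `$!`.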
@@ -0,0 +1,205 @@
+$!
+$!------------------------------------------------------------------------------
+$! SSL$SHOW_FILE.COM - SSL Show File procedure
+$!------------------------------------------------------------------------------
+$!
+$ Verify = F$VERIFY (0)
+$ Set NoOn
+$ Set NoControl=Y
+$!
+$!------------------------------------------------------------------------------
+$! Description
+$!------------------------------------------------------------------------------
+$!
+$! This procedure display the contents of a given file in a box size specified.
+$!
+$! The parameters used are:
+$!
+$! P1 - File to View
+$! P2 - X1 coordinate
+$! P3 - Y1 coordinate
+$! P4 - X2 coordinate
+$! P5 - Y3 coordinate
+$! P6 - File Box Title (Optional)
+$!
+$!------------------------------------------------------------------------------
+$! Define symbols
+$!------------------------------------------------------------------------------
+$!
+$ SAY := WRITE SYS$OUTPUT
+$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
+$ On Control_Y THEN GOTO EXIT
+$ Set Control=Y
+$!
+$ DRAW_BOX := @SSL$COM:SSL$DRAW_BOX
+$ FILL_BOX := @SSL$COM:SSL$FILL_BOX
+$!
+$ ESC[0,8] = 27 ! Set the Escape Character
+$ CEOL = ESC + "[0K" ! Clear to the End of the Line
+$ NORM = ESC + "[0m" ! Turn Attributes off
+$ BOLD = ESC + "[1m" ! Turn on BOLD Attribute
+$!
+$!------------------------------------------------------------------------------
+$! Display the Page Header
+$!------------------------------------------------------------------------------
+$!
+$ REC_MAX = 0
+$ OPEN /READ IFILE 'P1'
+$!
+$READ_LOOP:
+$!
+$ READ /END_OF_FILE=READ_END IFILE IREC
+$ REC_MAX = REC_MAX + 1
+$ REC_'REC_MAX' = IREC
+$ GOTO READ_LOOP
+$!
+$READ_END:
+$!
+$ CLOSE IFILE
+$!
+$ IF REC_MAX .EQ. 0
+$ THEN
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " ** End-of-File **, Press Return to Exit "
+$ INPUT_ROW = P5 + 1
+$ PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$ ASK "''PROMPT'" OPT
+$ GOTO EXIT
+$ ENDIF
+$!
+$ COL = P2 + 2
+$ ROW = P3 + 2
+$ TOP_ROW = ROW
+$ INPUT_ROW = P5 + 1
+$ BOX_WIDTH = P4 - (P2 + 2)
+$ BOX_HEIGHT = P5 - (P3 + 3)
+$!
+$ REC_CTR = 1
+$ PAGE_CTR = 1
+$ PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
+$ RECS_PER_PAGE = BOX_HEIGHT
+$ PAGE_MAX = REC_MAX / RECS_PER_PAGE
+$ IF PAGE_MAX * RECS_PER_PAGE .LT. REC_MAX THEN PAGE_MAX = PAGE_MAX + 1
+$!
+$ DRAW_BOX 'P2' 'P3' 'P4' 'P5' "''P6'" " Enter B for Back, N for Next, Ctrl-Z to Exit "
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$!
+$DISPLAY_LOOP:
+$!
+$ IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
+$ THEN
+$ REC = REC_'REC_CTR'
+$ ENDIF
+$ WRAP_IN_PROGRESS = 0
+$!
+$WRAP_LOOP:
+$!
+$ IF ROW .LE. (P5 - 2) .AND. -
+ REC_CTR .LE. PAGE_CTR * RECS_PER_PAGE
+$ THEN
+$ IF F$LENGTH (REC) .GT. BOX_WIDTH
+$ THEN
+$ IF WRAP_IN_PROGRESS .EQ. 0
+$ THEN
+$ WRAP_IN_PROGRESS = 1
+$ _COL = COL
+$ ELSE
+$ _COL = COL - 1
+$ ENDIF
+$ REC_SEG = F$EXTRACT (0, BOX_WIDTH, REC)
+$ SAY ESC + "[''ROW';''_COL'H", REC_SEG
+$ REC = ">" + F$EXTRACT (BOX_WIDTH, F$LENGTH (REC)-BOX_WIDTH, REC)
+$ ROW = ROW + 1
+$ GOTO WRAP_LOOP
+$ ELSE
+$ IF REC_CTR .LE. REC_MAX .AND. F$TYPE (REC_'REC_CTR') .NES. ""
+$ THEN
+$ IF WRAP_IN_PROGRESS .EQ. 1
+$ THEN
+$ _COL = COL - 1
+$ ELSE
+$ _COL = COL
+$ ENDIF
+$ SAY ESC + "[''ROW';''_COL'H", REC
+$ ENDIF
+$ ENDIF
+$ ELSE
+$!
+$RETRY:
+$!
+$ PROMPT = ESC + "[''INPUT_ROW';01H ''CEOL'"
+$ ASK "''PROMPT'" OPT
+$ IF F$EDIT (OPT,"TRIM,UPCASE") .NES. "B" .AND. -
+ F$EDIT (OPT,"TRIM,UPCASE") .NES. "N"
+$ THEN
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "B"
+$ THEN
+$ IF PAGE_CTR .GT. 1
+$ THEN
+$ ROW = TOP_ROW
+$ PAGE_CTR = PAGE_CTR - 1
+$ REC_CTR = PAGE_'PAGE_CTR'_REC_CTR
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ GOTO DISPLAY_LOOP
+$ ELSE
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ ENDIF
+$ IF F$EDIT (OPT,"TRIM,UPCASE") .EQS. "N"
+$ THEN
+$ IF PAGE_CTR .LT. PAGE_MAX
+$ THEN
+$ PAGE_CTR = PAGE_CTR + 1
+$ PAGE_'PAGE_CTR'_REC_CTR = REC_CTR
+$ PAGE_TXT = F$FAO (" Page !UL of !UL ", PAGE_CTR, PAGE_MAX)
+$ _COL = P2 + (BOX_WIDTH - F$LENGTH (PAGE_TXT)) + 2
+$ SAY ESC + "[''P3';''_COL'H''BOLD'''PAGE_TXT'''NORM'"
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ ELSE
+$ CALL INVALID_ENTRY
+$ GOTO RETRY
+$ ENDIF
+$ ENDIF
+$ FILL_BOX 'P2' 'P3' 'P4' 'P5'
+$ ROW = TOP_ROW
+$ GOTO WRAP_LOOP
+$ ENDIF
+$ REC_CTR = REC_CTR + 1
+$ ROW = ROW + 1
+$ GOTO DISPLAY_LOOP
+$!
+$!------------------------------------------------------------------------------
+$! Display the invalid entry
+$!------------------------------------------------------------------------------
+$!
+$INVALID_ENTRY: SUBROUTINE
+$!
+$ SAY ESC + "[''INPUT_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
+$ Wait 00:00:01.5
+$ SAY ESC + "[''INPUT_ROW';01H", CEOL
+$!
+$ EXIT
+$!
+$ ENDSUBROUTINE
+$!
+$!------------------------------------------------------------------------------
+$! Exit
+$!------------------------------------------------------------------------------
+$!
+$EXIT:
+$!
+$ DEFINE /USER /NOLOG SYS$ERROR NL:
+$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
+$ CLOSE IFILE
+$!
+$ Verify = F$VERIFY (Verify)
+$!
+$ EXIT
diff --git a/VMS/cert_tool/ssl$sign_cert.com b/VMS/cert_tool/ssl$sign_cert.com
new file mode 100644
index 000000000..0413b84a3
--- /dev/null
+++ b/VMS/cert_tool/ssl$sign_cert.com
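Review bot: `OPEN /READ IFILE 'P1'` has no error handling, and because the procedure runs under `Set NoOn` a missing or unreadable P1 appears to fall into READ_LOOP with the READ and `REC_'REC_MAX' = IREC` failing on every pass and `GOTO READ_LOOP` never reaching READ_END — an endless loop instead of an error; `$ OPEN /READ /ERROR=EXIT IFILE 'P1'` would route it to the cleanup path. `BELL` is also used in INVALID_ENTRY (`SAY ESC + "[''INPUT_ROW';01H", BELL, ...`) but this file defines only ESC, CEOL, NORM and BOLD, so that SAY fails with an undefined-symbol warning instead of showing the retry message; add `$ BELL[0,8] = 7 ! Ring the terminal Bell` beside the ESC definition as the sibling procedures do. Finally the whole file is loaded into local symbols one record each (`$ REC_'REC_MAX' = IREC`) with no upper bound, so a large input can exhaust the symbol table; a cap on REC_MAX, or paging directly from IFILE, would keep that predictable.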
@@ -0,0 +1,759 @@ +$! +$!------------------------------------------------------------------------------ +$! SSL$SIGN_CERT.COM - SSL Sign Certificate Request procedure +$!------------------------------------------------------------------------------ +$! +$ Verify = F$VERIFY (0) +$ Set NoOn +$ Set NoControl=Y +$! +$!------------------------------------------------------------------------------ +$! Description +$!------------------------------------------------------------------------------ +$! +$! This procedure prompts the user through creating a Server Certificate. +$! +$! There are no parameters used. +$! +$!------------------------------------------------------------------------------ +$! Define symbols +$!------------------------------------------------------------------------------ +$! +$ DELETE := DELETE +$ SAY := WRITE SYS$OUTPUT +$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT= +$ PID = F$GETJPI ("","PID") +$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO") +$ On Control_Y THEN GOTO EXIT +$ Set Control=Y +$! +$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE") +$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ") +$! +$ GET_USER_DATA := CALL GET_USER_DATA +$ SET_USER_DATA := CALL SET_USER_DATA +$ DEL_USER_DATA := CALL DEL_USER_DATA +$ INIT_TERM := @SSL$COM:SSL$INIT_TERM +$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE +$ SSL_CONF_FILE = F$TRNLMN ("SSL$CA_CONF") +$ GET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' GET +$ SET_CONF_DATA := @SSL$COM:SSL$CONF_UTIL 'SSL_CONF_FILE' SET +$! +$ ESC[0,8] = 27 ! Set the Escape Character +$ BELL[0,8] = 7 ! Ring the terminal Bell +$ RED = 1 ! Color - Red +$ FGD = 30 ! Foreground +$ BGD = 0 ! Background +$ CSCR = ESC + "[2J" ! Clear the Screen +$ CEOS = ESC + "[0J" ! Clear to the End of the Screen +$ CEOL = ESC + "[0K" ! Clear to the End of the Line +$ NORM = ESC + "[0m" ! Turn Attributes off +$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute +$ WIDE = ESC + "#6" ! Turn on WIDE Attribute +$! 
+$!------------------------------------------------------------------------------ +$! Run the SSL setup if it hasn't been run yet +$!------------------------------------------------------------------------------ +$! +$ IF F$TRNLNM ("SSL$ROOT") .EQS. "" +$ THEN +$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. "" +$ THEN +$ @SSL$COM:SSL$INIT_ENV.COM +$ ELSE +$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..." +$ GOTO EXIT +$ ENDIF +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Display the Page Header +$!------------------------------------------------------------------------------ +$! +$ INIT_TERM +$ BCOLOR = BGD +$ FCOLOR = FGD + RED +$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm" +$! +$ TEXT = "SSL Certificate Tool" +$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4 +$! +$ SAY ESC + "[01;01H", CSCR +$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM +$! +$ TEXT = "Sign Certificate Request" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[04;01H" +$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM +$! +$ CTR = 1 +$ ROW = 6 +$ COL = 2 +$ TOP_ROW = ROW +$ MSG_ROW = TT_ROWS - 1 +$! +$!------------------------------------------------------------------------------ +$! Initialize the Request Data +$!------------------------------------------------------------------------------ +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM +$ ELSE +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM +$ ENDIF +$! +$ _ca = "ca" +$! +$ _default_ca = "CA_default_ca" +$ _default_ca_upd = "Y" +$! +$ _default_serfile = "SSL$DB:SERIAL.TXT" +$ _default_serfile_upd = "Y" +$! +$ _default_idxfile = "SSL$DB:INDEX.TXT" +$ _default_idxfile_upd = "Y" +$! +$ _default_crtfile = "SSL$CRT:SERVER_CA.CRT" +$ _default_crtfile_upd = "Y" +$! +$ _default_keyfile = "SSL$KEY:SERVER_CA.KEY" +$ _default_keyfile_upd = "Y" +$! 
+$ _default_csrfile = "SSL$CSR:SERVER.CSR" +$ _default_csrfile_upd = "Y" +$! +$ _default_sgnfile = "SSL$CRT:SIGNED.CRT" +$ _default_sgnfile_upd = "Y" +$! +$ _default_newcert = "SSL$CRT" +$ _default_newcert_upd = "Y" +$! +$ _default_md = "md5" +$ _default_md_upd = "Y" +$! +$ _default_days = "365" +$ _default_days_upd = "Y" +$! +$ _default_policy = "policy_anything" +$ _default_policy_upd = "Y" +$! +$ _policy_countryName = "optional" +$ _policy_countryName_upd = "Y" +$! +$ _policy_stateOrProvinceName = "optional" +$ _policy_stateOrProvinceName_upd = "Y" +$! +$ _policy_localityName = "optional" +$ _policy_localityName_upd = "Y" +$! +$ _policy_organizationName = "optional" +$ _policy_organizationName_upd = "Y" +$! +$ _policy_organizationalUnitName = "optional" +$ _policy_organizationalUnitName_upd = "Y" +$! +$ _policy_commonName = "supplied" +$ _policy_commonName_upd = "Y" +$! +$ _policy_emailAddress = "optional" +$ _policy_emailAddress_upd = "Y" +$! +$ _default_x509_extensions = "CA_x509_extensions" +$ _default_x509_extensions_upd = "Y" +$! +$ _x509_basicContraints = "CA:FALSE" +$ _x509_basicContraints_upd = "Y" +$! +$ _x509_nsCertType = "client,email,objsign,server" +$ _x509_nsCertType_upd = "Y" +$! +$ _x509_nsComment = "SSL Generated Certificate" +$ _x509_nsComment_upd = "Y" +$! +$ _x509_subjectKeyIdentifier = "hash" +$ _x509_subjectKeyIdentifier_upd = "Y" +$! +$ _x509_authorityKeyIdentifier = "keyid,issuer:always" +$ _x509_authorityKeyIdentifier_upd = "Y" +$! +$ IF F$SEARCH ("''SSL_CONF_FILE'") .NES. "" +$ THEN +$ GET_CONF_DATA "[''_ca']#default_ca" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_ca = SSL_CONF_DATA +$ _default_ca_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#serial" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _default_serfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERIAL",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") +$ _default_serfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#database" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_idxfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[DB]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"INDEX",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".TXT",,"TYPE") +$ _default_idxfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#certificate" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_crtfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[CRT]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".CRT",,"TYPE") +$ _default_crtfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#private_key" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_keyfile = F$PARSE (SSL_CONF_DATA,"SSL$ROOT:",,"DEVICE") + - + F$PARSE (SSL_CONF_DATA,"[KEY]",,"DIRECTORY") + - + F$PARSE (SSL_CONF_DATA,"SERVER_CA",,"NAME") + - + F$PARSE (SSL_CONF_DATA,".KEY",,"TYPE") +$ _default_keyfile_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#new_certs_dir" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_newcert = SSL_CONF_DATA +$ _default_newcert_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#default_md" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_md = SSL_CONF_DATA +$ _default_md_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#default_days" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_days = SSL_CONF_DATA +$ _default_days_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#policy" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_policy = SSL_CONF_DATA +$ _default_policy_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#countryName" +$ IF SSL_CONF_DATA .NES. 
"" +$ THEN +$ _policy_countryName = SSL_CONF_DATA +$ _policy_countryName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#stateOrProvinceName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_stateOrProvinceName = SSL_CONF_DATA +$ _policy_stateOrProvinceName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#localityName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_localityName = SSL_CONF_DATA +$ _policy_localityName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#organizationName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_organizationName = SSL_CONF_DATA +$ _policy_organizationName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#organizationalUnitName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_organizationalUnitName = SSL_CONF_DATA +$ _policy_organizationalUnitName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#commonName" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_commonName = SSL_CONF_DATA +$ _policy_commonName_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_policy']#emailAddress" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _policy_emailAddress = SSL_CONF_DATA +$ _policy_emailAddress_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_ca']#x509_extensions" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _default_x509_extensions = SSL_CONF_DATA +$ _default_x509_extensions_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_x509_extensions']#basicConstraints" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _x509_basicConstraints = SSL_CONF_DATA +$ _x509_basicConstraints_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_x509_extensions']#nsCertType" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _x509_nsCertType = SSL_CONF_DATA +$ _x509_nsCertType_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_x509_extensions']#nsComment" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _x509_nsComment = SSL_CONF_DATA +$ _x509_nsComment_upd = "N" +$ ENDIF +$! 
+$ GET_CONF_DATA "[''_default_x509_extensions']#subjectKeyIdentifier" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _x509_subjectKeyIdentifier = SSL_CONF_DATA +$ _x509_subjectKeyIdentifier_upd = "N" +$ ENDIF +$! +$ GET_CONF_DATA "[''_default_x509_extensions']#authorityKeyIdentifier" +$ IF SSL_CONF_DATA .NES. "" +$ THEN +$ _x509_authorityKeyIdentifier = SSL_CONF_DATA +$ _x509_authorityKeyIdentifier_upd = "N" +$ ENDIF +$ ENDIF +$! +$ SET_USER_DATA "[''_ca']#default_ca#D#''_default_ca'##S###''_default_ca_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#serial#D#''_default_serfile'#Serial File ?#F###''_default_serfile_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#database#D#''_default_idxfile'#Database File ?#F###''_default_idxfile_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#certificate#D#''_default_crtfile'#CA Certificate File ?#F###''_default_crtfile_upd'#Y#N" +$ SET_USER_DATA "[''_default_ca']#private_key#D#''_default_keyfile'#CA Certificate Key File ?#F###''_default_keyfile_upd'#Y#N" +$ SET_USER_DATA "[]#default_csrfile#-#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#Y#N" +$ SET_USER_DATA "[]#default_sgnfile#-#''_default_sgnfile'#Signed Certificate File ?#F###''_default_sgnfile_upd'#Y#N" +$ SET_USER_DATA "[''_default_ca']#new_certs_dir#D#''_default_newcert'#New Certificate Directory ?#S###''_default_newcert_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#default_md#D#''_default_md'#Default Digest ?#I###''_default_md_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#Y#N" +$ SET_USER_DATA "[''_default_ca']#policy#D#''_default_policy'#Default Policy ?#S###''_default_policy_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#countryName#D#''_policy_countryName'#Country Name Policy ?#S###''_policy_countryName_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#stateOrProvinceName#D#''_policy_stateOrProvinceName'#State or Province Name Policy ?#S###''_policy_stateOrProvinceName_upd'#N#N" +$ 
SET_USER_DATA "[''_default_policy']#localityName#D#''_policy_localityName'#Locality Name Policy ?#S###''_policy_localityName_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#organizationName#D#''_policy_organizationName'#Organization Name Policy ?#S###''_policy_organizationName_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#organizationalUnitName#D#''_policy_organizationalUnitName'#Organization Unit Name Policy ?#S###''_policy_organizationalUnitName_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#commonName#D#''_policy_commonName'#Common Name Policy ?#S###''_policy_commonName_upd'#N#N" +$ SET_USER_DATA "[''_default_policy']#emailAddress#D#''_policy_emailAddress'#Email Address Policy ?#S###''_policy_emailAddress_upd'#N#N" +$ SET_USER_DATA "[''_default_ca']#x509_extensions#D#''_default_x509_extensions'#X509 Extensions ?#S###''_default_x509_extensions_upd'#N#N" +$ SET_USER_DATA "[''_default_x509_extensions']#basicConstraints#D#''_x509_basicConstraints'#X509 Basic Constraints ?#S###''_x509_basicConstraints_upd'#N#N" +$ SET_USER_DATA "[''_default_x509_extensions']#nsCertType#D#''_x509_nsCertType'#X509 NS Cert Type ?#S###''_x509_nsCertType_upd'#N#N" +$ SET_USER_DATA "[''_default_x509_extensions']#nsComment#D#''_x509_nsComment'#X509 NS Comment ?#S###''_x509_nsComment_upd'#N#N" +$ SET_USER_DATA "[''_default_x509_extensions']#subjectKeyIdentifier#D#''_x509_subjectKeyIdentifier'#X509 Subject Key Identifier ?#S###''_x509_subjectKeyIdentifier_upd'#N#N" +$ SET_USER_DATA "[''_default_x509_extensions']#authorityKeyIdentifier#D#''_x509_authorityKeyIdentifier'#X509 Authority Key Identifier ?#S###''_x509_authorityKeyIdentifier_upd'#N#N" +$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#N" +$ SET_USER_DATA "[]#display_certificate#-#N#Display the Certificate ?#S##1##Y#N" +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! 
Confirm/Update the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$PROMPT_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ CONFIRMED = 0 +$ IF REQ .EQS. "N" +$ THEN +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF ROW .GT. MSG_ROW - 2 +$ THEN +$ SAY ESC + "[''TOP_ROW';01H", CEOS +$ ROW = TOP_ROW +$ ENDIF +$! +$CONFIRM_LOOP: +$! +$ IF PRM .EQS. "" +$ THEN +$ PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'" +$ ELSE +$ PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'" +$ ENDIF +$ IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO +$ ASK "''PROMPT'" ANS /END_OF_FILE=EXIT +$ IF TYP .EQS. "P" THEN SET TERMINAL /ECHO +$ ANS = F$EDIT (ANS,"TRIM") +$ IF ANS .EQS. "" THEN ANS = DEF +$ IF TYP .EQS. "F" +$ THEN +$ ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY") +$ ENDIF +$ IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER" +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. - + ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. - + (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX))) +$ THEN +$ CALL INVALID_ENTRY +$ SAY ESC + "[''ROW';01H", CEOS +$ IF TYP .EQS. 
"S" THEN GOTO PROMPT_LOOP +$ IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP +$ ENDIF +$ ROW = ROW + 1 +$ IF CFM .EQS. "Y" +$ THEN +$ IF CONFIRMED .EQ. 0 +$ THEN +$ CONFIRMED = 1 +$ CONFIRMED_ANS = ANS +$ PRM = "Confirm ''PRM'" +$ GOTO CONFIRM_LOOP +$ ELSE +$ IF ANS .NES. CONFIRMED_ANS +$ THEN +$ CALL INVALID_ENTRY +$ ROW = ROW - 2 +$ SAY ESC + "[''ROW';01H", CEOS +$ GOTO PROMPT_LOOP +$ ENDIF +$ ENDIF +$ ENDIF +$ IF ANS .NES. DEF THEN SSL_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'" +$ CTR = CTR + 1 +$ GOTO PROMPT_LOOP +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Save the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$ CTR = 1 +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM +$! +$SAVE_CONF_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ TYP = F$ELEMENT (5,"#",SSL_USER_DATA_'CTR') ! Value Type +$ MIN = F$ELEMENT (6,"#",SSL_USER_DATA_'CTR') ! Value Minimum Length +$ MAX = F$ELEMENT (7,"#",SSL_USER_DATA_'CTR') ! Value Maximum Length +$ UPD = F$ELEMENT (8,"#",SSL_USER_DATA_'CTR') ! Entry Updated ? +$ REQ = F$ELEMENT (9,"#",SSL_USER_DATA_'CTR') ! Entry Required for Input ? +$ CFM = F$ELEMENT (10,"#",SSL_USER_DATA_'CTR')! Confirm Input ? +$ IF UPD .NES. "Y" .OR. VAL .EQS. "-" +$ THEN +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$ IF VAL .EQS. "D" +$ THEN +$ SET_CONF_DATA "''KEY'#''ITM'" "''DEF'" +$ ELSE +$ SET_CONF_DATA "''KEY'#''ITM'" "''PRM'" +$ SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'" +$ ENDIF +$ IF MIN .NES. 
"" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'" +$ IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'" +$ CTR = CTR + 1 +$ GOTO SAVE_CONF_LOOP +$ ENDIF +$! +$ PURGE /NOLOG /NOCONFIRM 'SSL_CONF_FILE' +$ RENAME 'SSL_CONF_FILE'; ;1 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Create the Certificiate Authority +$!------------------------------------------------------------------------------ +$! +$SKIP: +$! +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Signing Certificate Request ...", NORM +$! +$ X1 = 2 +$ Y1 = TOP_ROW +$ X2 = TT_COLS - 2 +$ Y2 = MSG_ROW - 1 +$! +$ GET_USER_DATA "[]#pem_pass_phrase" +$ _pem_pass_phrase = SSL_USER_DATA +$ GET_USER_DATA "[''_default_ca']#database" +$ _default_idxfile = SSL_USER_DATA +$ GET_USER_DATA "[''_default_ca']#serial" +$ _default_serfile = SSL_USER_DATA +$ GET_USER_DATA "[]#default_csrfile" +$ _default_csrfile = SSL_USER_DATA +$ GET_USER_DATA "[]#default_sgnfile" +$ _default_sgnfile = SSL_USER_DATA +$ GET_USER_DATA "[]#display_certificate" +$ _display_certificate = SSL_USER_DATA +$! +$ IF F$SEARCH ("''_default_idxfile'") .EQS. "" +$ THEN +$ OPEN /WRITE OFILE '_default_idxfile' +$ CLOSE OFILE +$ ENDIF +$! +$ IF F$SEARCH ("''_default_serfile'") .EQS. "" +$ THEN +$ OPEN /WRITE OFILE '_default_serfile' +$ WRITE OFILE "01" +$ CLOSE OFILE +$ ENDIF +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SHOW SYSTEM /FULL /OUT=SYS$LOGIN:SSL_CA_'PID'.RND +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_CA_'PID'.COM +$ WRITE OFILE "$ SET NOON" +$ WRITE OFILE "$ SET MESSAGE /NOFACILITY /NOIDENTIFICATION /NOSEVERITY /NOTEXT" +$ WRITE OFILE "$ DEFINE /USER /NOLOG RANDFILE SYS$LOGIN:SSL_CA_''PID'.RND" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_CA_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_CA_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL ca -config ''SSL_CONF_FILE' -out ''_default_sgnfile' -infiles ''_default_csrfile'" +$ WRITE OFILE "''_pem_pass_phrase'" +$ WRITE OFILE "y" +$ WRITE OFILE "y" +$ WRITE OFILE "$ SET MESSAGE /FACILITY /IDENTIFICATION /SEVERITY /TEXT" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_CA_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.RND;* +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_CA_'PID'.LOG /OUT=SYS$LOGIN:SSL_CA_'PID'.ERR "error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_CA_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_CA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.ERR;* +$ ENDIF +$! +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.LOG;* +$! +$ IF F$EDIT (_display_certificate,"TRIM,UPCASE") .EQS. "Y" +$ THEN +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL +$! 
+$ OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL x509 -noout -text -in ''_default_sgnfile'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_X509_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_sgnfile' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$! +$ TEXT = "Press return to continue" +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'" +$ ASK "''PROMPT'" OPT +$! +$GOTO EXIT +$! +$!------------------------------------------------------------------------------ +$! Set the User Data +$!------------------------------------------------------------------------------ +$! +$SET_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" +$ THEN +$ SSL_USER_DATA_MAX == 1 +$ ELSE +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX + 1 +$ ENDIF +$! +$ SSL_USER_DATA_'SSL_USER_DATA_MAX' == "''P1'" +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! 
+$!------------------------------------------------------------------------------ +$! Find the Request Data +$!------------------------------------------------------------------------------ +$! +$GET_USER_DATA: SUBROUTINE +$! +$ CTR = 1 +$ USER_KEY = F$ELEMENT (0,"#",P1) +$ USER_ITM = F$ELEMENT (1,"#",P1) +$! +$GET_USER_DATA_LOOP: +$! +$ IF CTR .LE. SSL_USER_DATA_MAX +$ THEN +$ KEY = F$ELEMENT (0,"#",SSL_USER_DATA_'CTR') ! Key Name +$ ITM = F$ELEMENT (1,"#",SSL_USER_DATA_'CTR') ! Item Name +$ VAL = F$ELEMENT (2,"#",SSL_USER_DATA_'CTR') ! Item Value Contains Default or Prompt +$ DEF = F$ELEMENT (3,"#",SSL_USER_DATA_'CTR') ! Default Value +$ PRM = F$ELEMENT (4,"#",SSL_USER_DATA_'CTR') ! Prompt Value +$ IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM +$ THEN +$ CTR = CTR + 1 +$ GOTO GET_USER_DATA_LOOP +$ ENDIF +$ IF VAL .EQS. "-" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "D" THEN SSL_USER_DATA == "''DEF'" +$ IF VAL .EQS. "P" THEN SSL_USER_DATA == "''PRM'" +$ ENDIF +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Delete the User Data +$!------------------------------------------------------------------------------ +$! +$DEL_USER_DATA: SUBROUTINE +$! +$ IF F$TYPE (SSL_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END +$! +$DEL_USER_DATA_LOOP: +$! +$ IF F$TYPE (SSL_USER_DATA_'SSL_USER_DATA_MAX') .NES. "" +$ THEN +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_'SSL_USER_DATA_MAX' +$ SSL_USER_DATA_MAX == SSL_USER_DATA_MAX - 1 +$ GOTO DEL_USER_DATA_LOOP +$ ENDIF +$! +$ DELETE /SYMBOL /GLOBAL SSL_USER_DATA_MAX +$! +$DEL_USER_DATA_END: +$! +$ IF F$TYPE (SSL_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_USER_DATA +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Display the invalid entry +$!------------------------------------------------------------------------------ +$! +$INVALID_ENTRY: SUBROUTINE +$! 
+$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'" +$ Wait 00:00:01.5 +$ SAY ESC + "[''MSG_ROW';01H", CEOL +$! +$ EXIT +$! +$ ENDSUBROUTINE +$! +$!------------------------------------------------------------------------------ +$! Exit the procedure +$!------------------------------------------------------------------------------ +$! +$EXIT: +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ DEASSIGN SYS$OUTPUT +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ DEASSIGN SYS$ERROR +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ CLOSE OFILE +$! +$ DEL_USER_DATA +$! +$ IF F$TYPE (SSL_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_CONF_DATA +$! +$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO +$! +$ IF F$SEARCH ("SYS$LOGIN:SSL_CA_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_CA_'PID'.%%%;* +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;* +$! +$ Verify = F$VERIFY (Verify) +$! +$ EXIT diff --git a/VMS/cert_tool/ssl$view_cert.com b/VMS/cert_tool/ssl$view_cert.com new file mode 100644 index 000000000..acd72ef8a --- /dev/null +++ b/VMS/cert_tool/ssl$view_cert.com 
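Review bot: The PEM pass phrase is written in clear text into the generated command file `SYS$LOGIN:SSL_CA_'PID'.COM` (the `WRITE OFILE "''_pem_pass_phrase'"` line), and that file is created by a plain `OPEN /WRITE` under the process default protection, so anyone that default grants read access to can recover the CA key's pass phrase while the file exists. The file should at least be created under a restrictive default, e.g. `$ SET PROTECTION=(S:RWED,O:RWED,G,W)/DEFAULT` before the `OPEN /WRITE OFILE` with the previous value saved via `F$ENVIRONMENT("PROTECTION")` and restored at `EXIT:`; where the installed OpenSSL's `ca` command supports `-passin`, supplying the pass phrase that way would avoid writing it to disk at all. Separately, the initialisation block defines `_x509_basicContraints` and `_x509_basicContraints_upd` (missing the second `s`) while the config-read block and the `SET_USER_DATA` line use `_x509_basicConstraints`, so when the config file has no basicConstraints entry the `CA:FALSE` default is never applied and a signed end-entity certificate can be issued without that extension; renaming the two initialisation lines to `_x509_basicConstraints` / `_x509_basicConstraints_upd` fixes it. Finally `_default_md = "md5"` makes MD5 the default signature digest for issued certificates; a SHA-family digest supported by the installed OpenSSL should be the default instead.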
@@ -0,0 +1,245 @@ +$! +$!------------------------------------------------------------------------------ +$! SSL$VIEW_CERT.COM - SSL View Certificate procedure +$!------------------------------------------------------------------------------ +$! +$ Verify = F$VERIFY (0) +$ Set NoOn +$ Set NoControl=Y +$! +$!------------------------------------------------------------------------------ +$! Description +$!------------------------------------------------------------------------------ +$! +$! This procedure prompts the user through creating a Server Certificate. +$! +$! The parameters used are: +$! +$! P1 - Certificate or Certificate Request (i.e. "CRT" or "CSR") +$! +$!------------------------------------------------------------------------------ +$! Define symbols +$!------------------------------------------------------------------------------ +$! +$ DELETE := DELETE +$ SAY := WRITE SYS$OUTPUT +$ ASK := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT= +$ PID = F$GETJPI ("","PID") +$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO") +$ On Control_Y THEN GOTO EXIT +$ Set Control=Y +$! +$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE") +$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ") +$! +$ INIT_TERM := @SSL$COM:SSL$INIT_TERM +$ PICK_FILE := @SSL$COM:SSL$PICK_FILE +$ SHOW_FILE := @SSL$COM:SSL$SHOW_FILE +$! +$ ESC[0,8] = 27 ! Set the Escape Character +$ BELL[0,8] = 7 ! Ring the terminal Bell +$ RED = 1 ! Color - Red +$ FGD = 30 ! Foreground +$ BGD = 0 ! Background +$ CSCR = ESC + "[2J" ! Clear the Screen +$ CEOS = ESC + "[0J" ! Clear to the End of the Screen +$ CEOL = ESC + "[0K" ! Clear to the End of the Line +$ NORM = ESC + "[0m" ! Turn Attributes off +$ BLNK = ESC + "[5m" ! Turn on BLINK Attribute +$ WIDE = ESC + "#6" ! Turn on WIDE Attribute +$! +$!------------------------------------------------------------------------------ +$! Run the SSL setup if it hasn't been run yet +$!------------------------------------------------------------------------------ +$! +$ IF F$TRNLNM ("SSL$ROOT") .EQS. 
"" +$ THEN +$ IF F$SEARCH ("SSL$COM:SSL$INIT_ENV.COM") .NES. "" +$ THEN +$ @SSL$COM:SSL$INIT_ENV.COM +$ ELSE +$ SAY BELL, "Unable to locate SSL$COM:SSL$INIT_ENV.COM ..." +$ GOTO EXIT +$ ENDIF +$ ENDIF +$! +$!------------------------------------------------------------------------------ +$! Display the Page Header +$!------------------------------------------------------------------------------ +$! +$ INIT_TERM +$ BCOLOR = BGD +$ FCOLOR = FGD + RED +$ COLOR = ESC + "[''BCOLOR';''FCOLOR'm" +$! +$ TEXT = "SSL Certificate Tool" +$ COL = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4 +$! +$ SAY ESC + "[01;01H", CSCR +$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM +$! +$ IF P1 .EQS. "CSR" +$ THEN +$ TEXT = "View Certificate Request" +$ ELSE +$ TEXT = "View Certificate" +$ ENDIF +$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2 +$! +$ SAY ESC + "[04;01H" +$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM +$! +$ CTR = 1 +$ ROW = 6 +$ COL = 2 +$ TOP_ROW = ROW +$ MSG_ROW = TT_ROWS - 1 +$! +$!------------------------------------------------------------------------------ +$! Initialize the Request Data +$!------------------------------------------------------------------------------ +$! +$ IF P1 .NES. "CRT" .AND. P1 .NES. "CSR" +$ THEN +$ PRM = "Display File:" +$ DEF = "*.*" +$ ENDIF +$! +$ IF P1 .EQS. "CRT" +$ THEN +$ PRM = "Display Certificate File:" +$ DEF = "SSL$CRT:*.CRT" +$ ENDIF +$! +$ IF P1 .EQS. "CSR" +$ THEN +$ PRM = "Display Certificate Request File:" +$ DEF = "SSL$CSR:*.CSR" +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H", CEOS +$! +$!------------------------------------------------------------------------------ +$! Confirm/Update the SSL Configuration Data +$!------------------------------------------------------------------------------ +$! +$PROMPT_LOOP: +$! +$ PROMPT = ESC + "[''ROW';''COL'H''PRM' ? [''DEF'] ''CEOL'" +$ ASK "''PROMPT'" _view_file_name +$ _view_file_name = F$EDIT (_view_file_name,"TRIM") +$ IF _view_file_name .EQS. "" THEN _view_file_name = DEF +$! 
+$ X1 = 2 +$ Y1 = TOP_ROW +$ X2 = TT_COLS - 2 +$ Y2 = MSG_ROW - 1 +$! +$PICK_FILE: +$! +$ PICK_FILE "''_view_file_name'" 'X1' 'Y1' 'X2' 'Y2' "< Select a File >" +$! +$ SAY ESC + "[''TOP_ROW';01H", CEOS +$! +$ IF SSL_FILE_NAME .EQS. "" THEN GOTO EXIT +$! +$!------------------------------------------------------------------------------ +$! Create the Certificiate Authority +$!------------------------------------------------------------------------------ +$! +$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL +$! +$ IF P1 .EQS. "CRT" +$ THEN +$ OPEN /WRITE OFILE SYS$LOGIN:SSL_X509_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_X509_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL x509 -noout -text -in ''SSL_FILE_NAME'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_X509_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL_X509_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_X509_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.ERR;* +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.LOG;* +$ GOTO PICK_FILE +$ ENDIF +$! +$ IF P1 .EQS. 
"CSR" +$ THEN +$ OPEN /WRITE OFILE SYS$LOGIN:SSL_REQ_'PID'.COM +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT SYS$LOGIN:SSL_REQ_''PID'.LOG" +$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT" +$ WRITE OFILE "$ OPENSSL req -noout -text -in ''SSL_FILE_NAME'" +$ CLOSE OFILE +$! +$ @SYS$LOGIN:SSL_REQ_'PID'.COM +$! +$ DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.COM;* +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ SEARCH SYS$LOGIN:SSL_REQ_'PID'.LOG /OUT=SYS$LOGIN:SSL_REQ_'PID'.ERR ":error:" +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.ERR") .NES. "" +$ THEN +$ IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL_REQ_''PID'.ERR","ALQ") .NE. 0 +$ THEN +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO EXIT +$ ENDIF +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.ERR;* +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "SYS$LOGIN:SSL_REQ_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" +$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.LOG;* +$ GOTO PICK_FILE +$ ENDIF +$! +$ SAY ESC + "[''MSG_ROW';01H''CEOS'" +$ SHOW_FILE "''SYS$LOGIN:SSL_FILE_NAME'" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >" +$ GOTO PICK_FILE +$! +$!------------------------------------------------------------------------------ +$! Exit the procedure +$!------------------------------------------------------------------------------ +$! +$EXIT: +$! +$ DEFINE /USER /NOLOG SYS$ERROR NL: +$ DEFINE /USER /NOLOG SYS$OUTPUT NL: +$ CLOSE OFILE +$! +$ IF F$TYPE (SSL_FILE_NAME) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL_FILE_NAME +$! +$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO +$! +$ IF F$SEARCH ("SYS$LOGIN:SSL_REQ_''PID'.%%%;*") .NES. 
"" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_REQ_'PID'.%%%;* +$ IF F$SEARCH ("SYS$LOGIN:SSL_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL_X509_'PID'.%%%;* +$! +$ Verify = F$VERIFY (Verify) +$! +$ EXIT diff --git a/VMS/install.com b/VMS/install.com index f62635f24..b134b2706 100644 --- a/VMS/install.com +++ b/VMS/install.com 
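Review bot: The fall-through branch for a `P1` that is neither `CRT` nor `CSR` calls `SHOW_FILE "''SYS$LOGIN:SSL_FILE_NAME'"`, which does not substitute the `SSL_FILE_NAME` global that `PICK_FILE` returned (the symbol name is mangled by the `SYS$LOGIN:` prefix), so the generic "Display File" mode does not show the selected file; it should read `SHOW_FILE "''SSL_FILE_NAME'" 'X1' 'Y1' 'X2' 'Y2' "< ''SSL_FILE_NAME' >"` like the CRT and CSR branches. The description block is copied from the create/sign procedure (`This procedure prompts the user through creating a Server Certificate.`) and the banner `Create the Certificiate Authority` sits above the display code; both should say that the procedure views a certificate or certificate request. In that generic mode the default file spec `*.*` lets the operator display any file the process can read through `SHOW_FILE`, which is worth stating in the description so it is clear the procedure is not limited to SSL$CRT and SSL$CSR.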
@@ -26,47 +26,129 @@ $ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE] $ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE] $ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS] $ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE] +$ DEFINE/NOLOG WRK_SSLCOM WRK_SSLROOT:[COM] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[000000] $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLINCLUDE: -$ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLROOT:[VMS] +$! IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - +$! CREATE/DIR/LOG WRK_SSLROOT:[VMS] +$ IF F$PARSE("WRK_SSLCOM:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLROOT:[COM] $ $ IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN - DELETE WRK_SSLINCLUDE:vms_idhacks.h;* $ -$ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM -$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created." -$ WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999" +$ OPEN/WRITE SF WRK_SSLCOM:SSL$STARTUP.COM +$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLCOM:SSL$STARTUP.COM")," created." +$ WRITE SF "$! Startup file for SSL 0.9.2-RL 15-Mar-1999" $ WRITE SF "$!" $ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation." -$ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM" +$ WRITE SF "$! Instead, add or change SSL$COM:SSL$SYSTARTUP.COM" $ WRITE SF "$!" -$ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names" -$ WRITE SF "$! defined in the system logical name table." $ WRITE SF "$!" $ WRITE SF "$ ARCH = ""VAX""" $ WRITE SF "$ IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA""" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] 
/TRANS=CONC" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLEXE SSLROOT:['ARCH'_EXE]" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLCERTS SSLROOT:[CERTS]" -$ WRITE SF "$ DEFINE/NOLOG'P1 SSLPRIVATE SSLROOT:[PRIVATE]" +$ WRITE SF "$!" +$ WRITE SF "$ IF F$SEARCH(""SYS$STARTUP:SSL$DEFINE_ROOT.COM"") .NES."""" THEN -" +$ WRITE SF "$ @SYS$STARTUP:SSL$DEFINE_ROOT.COM" +$ WRITE SF "$!" +$ WRITE SF "$!" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$CERTS SSL$ROOT:[CERTS]" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$COM SSL$ROOT:[COM]" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$EXE SSL$ROOT:['ARCH'_EXE]" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$INCLUDE SSL$ROOT:[INCLUDE]" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$KEY SSL$ROOT:[CERTS]" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC SSL$PRIVATE SSL$ROOT:[PRIVATE]" $ WRITE SF "$" $ WRITE SF "$! This is program can include " -$ WRITE SF "$ DEFINE/NOLOG'P1 OPENSSL SSLINCLUDE:" -$ WRITE SF "$" -$ WRITE SF "$ IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -" -$ WRITE SF " @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM" +$ WRITE SF "$ DEFINE/NOLOG/SYSTEM/EXEC OPENSSL SSL$INCLUDE:" +$ WRITE SF "$!" +$ WRITE SF "$ IF F$SEARCH(""SSL$COM:SSL$SYSTARTUP.COM"") .NES."""" THEN -" +$ WRITE SF " @SSL$COM:SSL$SYSTARTUP.COM" $ WRITE SF "$" $ WRITE SF "$ EXIT" $ CLOSE SF -$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM -$ -$ COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG -$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM -$ +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$STARTUP.COM +$! +$ OPEN/WRITE SF WRK_SSLCOM:SSL$SHUTDOWN.COM +$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLCOM:SSL$SHUTDOWN.COM")," created." +$ WRITE SF "$! Shutdown file for SSL" +$ WRITE SF "$!" +$ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation." +$ WRITE SF "$!" 
+$ WRITE SF "$ ARCH = ""VAX""" +$ WRITE SF "$ IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA""" +$ WRITE SF "$!" +$ WRITE SF "$ IF F$SEARCH(""SSL$COM:SSL$SYSHUTDOWN.COM"") .NES."""" THEN -" +$ WRITE SF " @SSL$COM:SSL$SYSHUTDOWN.COM" +$ WRITE SF "$!" +$ WRITE SF "$ IF F$TRNLNM(""SSL$CERTS"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$CERTS" +$! +$ WRITE SF "$ IF F$TRNLNM(""SSL$COM"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$COM" +$! +$ WRITE SF "$ IF F$TRNLNM(""SSL$EXE"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$EXE" +$! +$ WRITE SF "$ IF F$TRNLNM(""SSL$INCLUDE"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$INCLUDE" +$! +$ WRITE SF "$ IF F$TRNLNM(""SSL$KEY"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$KEY" +$! +$ WRITE SF "$ IF F$TRNLNM(""SSL$PRIVATE"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$PRIVATE" +$! +$ WRITE SF "$!" +$ WRITE SF "$ IF F$TRNLNM(""OPENSSL"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC OPENSSL" +$ WRITE SF "$!" +$ WRITE SF "$ IF F$TRNLNM(""SSL$ROOT"") .NES."""" THEN -" +$ WRITE SF " DEASSIGN/SYSTEM/EXEC SSL$ROOT" +$ WRITE SF "$!" +$ WRITE SF "$ EXIT" +$ CLOSE SF +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SHUTDOWN.COM +$! +$ COPY SSL$UTILS.COM WRK_SSLCOM:/LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$UTILS.COM +$! +$ COPY SSL$SYSTARTUP.COM WRK_SSLCOM:/LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSTARTUP.COM +$ COPY SSL$SYSHUTDOWN.COM WRK_SSLCOM:/LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$SYSHUTDOWN.COM +$! +$ CERT_DIR := [.CERT_TOOL] +$ CERT_FILES := SSL$AUTH_CERT.COM,SSL$AUTO_CERT.COM,SSL$CERT_TOOL.COM, - + SSL$CONF_UTIL.COM,SSL$DRAW_BOX.COM,SSL$EXIT_CMD.TPU, - + SSL$FILL_BOX.COM,SSL$HASH_CERT.COM,SSL$HOSTADDR.EXE, - + SSL$HOSTNAME.EXE,SSL$INIT_ENV.COM,SSL$INIT_TERM.COM, - + SSL$PICK_FILE.COM,SSL$RQST_CERT.COM,SSL$SELF_CERT.COM, - + SSL$SHOW_FILE.COM,SSL$SIGN_CERT.COM,SSL$VIEW_CERT.COM, - + SSL$REM_ENV.COM +$! 
+$ I = 0 +$ LOOP: +$ CF = F$EDIT(F$ELEMENT(I, ",", CERT_FILES),"TRIM") +$ I = I + 1 +$ IF CF .EQS. "," THEN GOTO LOOP_END +$ SET NOON +$ IF F$SEARCH(CERT_DIR+CF) .NES. "" +$ THEN +$ COPY 'CERT_DIR''CF' WRK_SSLCOM:*.*/log +$ SET FILE/PROT=W:RE WRK_SSLCOM:'CF' +$ ENDIF +$ SET ON +$ GOTO LOOP +$ LOOP_END: +$! +$ SHOW SYSTEM/FULL/OUTPUT=WRK_SSLROOT:[PRIVATE]RANDFILE. +$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[PRIVATE]RANDFILE. +$! +$ COPY SSL010.RELEASE_NOTES WRK_SSLROOT:[000000]/LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[000000]SSL010.RELEASE_NOTES +$! $ EXIT diff --git a/VMS/mkshared.com b/VMS/mkshared.com index afdc85bbe..ab628ad7d 100644 --- a/VMS/mkshared.com +++ b/VMS/mkshared.com 
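Review bot: The seed file produced at the end of the hunk, `SHOW SYSTEM/FULL/OUTPUT=WRK_SSLROOT:[PRIVATE]RANDFILE.` followed by `SET FILE/PROT=WORLD:RE`, is a process listing any interactive user can reproduce, and it is the same file ssl$systartup.com in this commit publishes system-wide through the `RANDFILE` logical, so it contributes no secret entropy and any state later stored there is readable by every local account. A seed file is only useful while its contents stay private; I'd tighten it to the owning account, e.g. `SET FILE/PROT=(S:RWED,O:RWED,G,W) WRK_SSLROOT:[PRIVATE]RANDFILE.`, and add a comment that the SHOW SYSTEM output is only a placeholder until a real entropy source overwrites it. Separately, the generated startup file defines `SSL$KEY` to `SSL$ROOT:[CERTS]` while `SSL$PRIVATE` points at `[PRIVATE]`; if private keys belong in [PRIVATE] this reads like a copy-paste slip, otherwise a comment on that WRITE SF line would save the next reader the question.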
@@ -3,16 +3,94 @@ $! $! No command line parameters. This should be run at the start of the source $! tree (the same directory where one finds INSTALL.VMS). $! -$! Input: [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB -$! [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB -$! Output: [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE -$! [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE +$! Input: [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB +$! [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB +$! Output: [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE +$! [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE $! $! So far, tests have only been made on VMS for Alpha. VAX will come in time. +$! +$! +$! >>>>> +$! Note: Since I don't know how to put a comment into one of the .NUM +$! files, I will put the comment here and hope that it is found. +$! +$! For SSLEAY.NUM, we do not expose SSL_add_dir_cert_subjs_to_stk. +$! We do not expose it because it is a truncated VMS name that +$! points to (via SYMHACKS.H) SSL_add_dir_cert_subjects_to_stack. +$! However, SSL_add_dir_cert_subjects_to_stack is #ifndef VMS +$! out of SSL_CERT.C. So, comment them all out and we won't get +$! any link errors about undefined symbols. This all works fine +$! until we need this API's functionality. +$! +$! For LIBEAY.NUM, +$! ASN1_UTCTIME_GET #if 0 [.CRYPTO.ASN1]A_UTCTM.C +$! [.CRYPTO.ASN1]ASN1.H +$! +$! DES_SET_WEAK_KEY_FLAG [.CRYPTO.DES]DES.H +$! Not used in any .C file. +$! +$! DH_GET_DEFAULT_METHOD Not found in any .C or .H file. +$! DH_SET_DEFAULT_METHOD Not found in any .C or .H file. +$! DSA_GET_DEFAULT_METHOD Not found in any .C or .H file. +$! DSA_SET_DEFAULT_METHOD Not found in any .C or .H file. +$! +$! PEM_READ_BIO_NETSCAPE_CERT_SEQUENCE [.CRYPTO.PEM]PEM.H +$! [.CRYPTO]SYMHACKS.H +$! PEM_read_bio_NS_CERT_SEQ is not in any .C or .H file. +$! +$! PEM_READ_BIO_PKCS8_PRIV_KEY_INFO [.CRYPTO]SYMHACKS.H +$! #define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO +$! PEM_read_bio_P8_PRIV_KEY_INFO is not in any .C or .H file. +$! 
+$! PEM_READ_NETSCAPE_CERT_SEQUENCE [.CRYPTO.PEM]PEM.H +$! [.CRYPTO]SYMHACKS.H +$! #define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ +$! PEM_read_NS_CERT_SEQ is not in any .C or .H file. +$! +$! PEM_READ_PKCS8_PRIV_KEY_INFO [.CRYPTO]SYMHACKS.H +$! #define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO +$! PEM_read_P8_PRIV_KEY_INFO is not in any .C or .H file. +$! +$! PEM_WRITE_BIO_NETSCAPE_CERT_SEQUENCE [.CRYPTO.PEM]PEM.H +$! [.CRYPTO]SYMHACKS.H +$! #define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ +$! PEM_write_bio_NS_CERT_SEQ is not in any .C or .H file. +$! +$! PEM_WRITE_BIO_PKCS8_PRIV_KEY_INFO [.CRYPTO]SYMHACKS.H +$! #define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO +$! PEM_write_bio_P8_PRIV_KEY_INFO is not in any .C or .H file. +$! +$! PEM_WRITE_NETSCAPE_CERT_SEQUENCE [.CRYPTO.PEM]PEM.H +$! [.CRYPTO]SYMHACKS.H +$! #define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ +$! PEM_write_NS_CERT_SEQ is not in any .C or .H file. +$! +$! PEM_WRITE_PKCS8_PRIV_KEY_INFO [.CRYPTO]SYMHACKS.H +$! #define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO +$! PEM_write_P8_PRIV_KEY_INFO is not in any .C or .H file. +$! +$! RAND_EVENT [.CRYPTO.RAND]RAND.H RAND_event is #if windows || Win32 +$! [.CRYPTO.RAND]RAND_WIN.C +$! All modules in RAND_WIN are WINDOWS or WIN32 modules. +$! +$! RAND_SCREEN if Windows or Win32 - [.CRYPTO.RAND]RAND.H +$! +$! RSA_GET_DEFAULT_METHOD is not in any .C or .H file. +$! +$! RSA_SET_DEFAULT_METHOD is not in any .C or .H file. +$! +$! +$! $! =========================================================================== -$ +$! +$! Setup VMS specific information. +$! +$ @vms_build_info +$! $! ----- Prepare info for processing: version number and file info $ gosub read_version_info +$! $ if libver .eqs. "" $ then $ write sys$error "ERROR: Couldn't find any library version info..." 
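Review bot: `$ @vms_build_info` is invoked with neither a directory nor a file type, so it resolves against whatever the default directory is when MKSHARED.COM runs, and the symbols it must provide (`build_bits`, `build_ident`, `build_platform`, used in the `@@ -24`, `@@ -45`, `@@ -58` and `@@ -103` hunks below) are not listed in the header's "depend on the following variables" block that the `@@ -83` hunk touches only for whitespace. I'd add to that block a line such as `$! build_bits, build_ident, build_platform  Set by VMS_BUILD_INFO.COM, which must be run from the source root`. The long note about symbols that were "commented out" of the .NUM files describes edits that are not part of this diff, so a pointer to where that was done would make it checkable.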
@@ -24,20 +102,31 @@ $ then $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" $ libdir = "[.AXP.EXE.CRYPTO]" -$ libolb = "''libdir'LIBCRYPTO.OLB" +$ libolb = "''libdir'LIBCRYPTO''build_bits'.OLB" $ libopt = "''libdir'LIBCRYPTO.OPT" $ libmap = "''libdir'LIBCRYPTO.MAP" -$ libgoal= "''libdir'LIBCRYPTO.EXE" +$ if build_bits .eqs. "32" +$ then +$ libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE" +$ else +$ libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE" +$ endif $ libref = "" $ gosub create_axp_shr $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" $ libdir = "[.AXP.EXE.SSL]" -$ libolb = "''libdir'LIBSSL.OLB" +$ libolb = "''libdir'LIBSSL''build_bits'.OLB" $ libopt = "''libdir'LIBSSL.OPT" $ libmap = "''libdir'LIBSSL.MAP" -$ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE" +$ if build_bits .eqs. "32" +$ then +$ libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE" +$ libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE" +$ else +$ libgoal= "''libdir'SSL$LIBSSL_SHR.EXE" +$ libref = "[.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE" +$ endif $ gosub create_axp_shr $ else $ libtit = "CRYPTO_TRANSFER_VECTOR" @@ -45,11 +134,16 @@ $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" $ libdir = "[.VAX.EXE.CRYPTO]" $ libmar = "''libdir'LIBCRYPTO.MAR" -$ libolb = "''libdir'LIBCRYPTO.OLB" +$ libolb = "''libdir'LIBCRYPTO''build_bits.OLB" $ libopt = "''libdir'LIBCRYPTO.OPT" $ libobj = "''libdir'LIBCRYPTO.OBJ" $ libmap = "''libdir'LIBCRYPTO.MAP" -$ libgoal= "''libdir'LIBCRYPTO.EXE" +$ if build_bits .eqs. "32" +$ then +$ libgoal= "''libdir'SSL$LIBCRYPTO_SHR''build_bits'.EXE" +$ else +$ libgoal= "''libdir'SSL$LIBCRYPTO_SHR.EXE" +$ endif $ libref = "" $ libvec = "LIBCRYPTO" $ gosub create_vax_shr 
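Review bot: In the VAX branch (`@@ -45` hunk) `$ libolb = "''libdir'LIBCRYPTO''build_bits.OLB"` is missing the closing apostrophe after `build_bits`, unlike the three sibling assignments in this hunk and the next, which spell it `''build_bits'.OLB`. DCL may still end the symbol name at the `.`, but I would not rely on it; `$ libolb = "''libdir'LIBCRYPTO''build_bits'.OLB"` removes the doubt and keeps the four lines identical in form.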
@@ -58,12 +152,18 @@ $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" $ libdir = "[.VAX.EXE.SSL]" $ libmar = "''libdir'LIBSSL.MAR" -$ libolb = "''libdir'LIBSSL.OLB" +$ libolb = "''libdir'LIBSSL''build_bits'.OLB" $ libopt = "''libdir'LIBSSL.OPT" $ libobj = "''libdir'LIBSSL.OBJ" $ libmap = "''libdir'LIBSSL.MAP" -$ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE" +$ if build_bits .eqs. "32" +$ then +$ libgoal= "''libdir'SSL$LIBSSL_SHR''build_bits'.EXE" +$ libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR''build_bits'.EXE" +$ else +$ libgoal= "''libdir'SSL$LIBSSL_SHR.EXE" +$ libref = "[.VAX.EXE.CRYPTO]SSL$LIBCRYPTO_SHR.EXE" +$ endif $ libvec = "LIBSSL" $ gosub create_vax_shr $ endif 
@@ -83,18 +183,18 @@ $! in the .num file, check that each line applies to VMS and the architecture, $! and to fill in "holes" with dummy entries. $! $! The creator routines depend on the following variables: -$! libnum The name of the .num file to use as input -$! libolb The name of the object library to build from -$! libid The identification string of the shareable library -$! libopt The name of the .opt file to write -$! libtit The title of the assembler transfer vector file (VAX only) -$! libmar The name of the assembler transfer vector file (VAX only) -$! libmap The name of the map file to write -$! libgoal The name of the shareable library to write -$! libref The name of a shareable library to link in +$! libnum The name of the .num file to use as input +$! libolb The name of the object library to build from +$! libid The identification string of the shareable library +$! libopt The name of the .opt file to write +$! libtit The title of the assembler transfer vector file (VAX only) +$! libmar The name of the assembler transfer vector file (VAX only) +$! libmap The name of the map file to write +$! libgoal The name of the shareable library to write +$! libref The name of a shareable library to link in $! $! read_func_num depends on the following variables from the creator: -$! libwriter The name of the writer routine to call for each .num file line +$! libwriter The name of the writer routine to call for each .num file line $! ----- $ $! ----- Subroutines for AXP @@ -103,6 +203,7 @@ $! The creator routine $ create_axp_shr: $ open/write opt 'libopt' $ write opt "identification=""",libid," ",libverstr,"""" +$ write opt "build_ident=""",build_ident,"_",build_platform,"_",build_bits,""" " $ write opt libolb,"/lib" $ if libref .nes. "" then write opt libref,"/SHARE" $ write opt "SYMBOL_VECTOR=(-" 
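Review bot: The added `$ write opt "build_ident=""",build_ident,"_",build_platform,"_",build_bits,""" "` emits a `build_ident=` keyword into the linker options file; it is not one of the option-file keywords the rest of this routine writes (`identification=`, `SYMBOL_VECTOR=`, `PSECT_ATTR=`), and I cannot tell from the diff whether the linker accepts it. If it is meant as a second identification string or a site convention, a comment on the line should say so; if the linker rejects unknown keywords the AXP link will fail on it. The literal also ends in `""" "`, which leaves a stray space after the closing quote.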
@@ -137,14 +238,16 @@ $ endif $ if libfirstentry $ then $ write 'libwrch' " ",libentry,"=",pr," -" +$!DEBUG!$ write sys$output "''libentry' = ''pr' #1" $ else $ write 'libwrch' " ,",libentry,"=",pr," -" +$!DEBUG!$ write sys$output ",''libentry' = ''pr'" $ endif $ libfirstentry := false $ textcount = textcount + textcount_this $ return $ -$! ----- Subroutines for AXP +$! ----- Subroutines for VAX $! ----- $! The creator routine $ create_vax_shr: @@ -153,23 +256,23 @@ $ type sys$input:/out=mar: ; ; Transfer vector for VAX shareable image ; -$ write mar " .TITLE ",libtit -$ write mar " .IDENT /",libid,"/" +$ write mar " .TITLE ",libtit +$ write mar " .IDENT /",libid,"/" $ type sys$input:/out=mar: ; ; Define macro to assist in building transfer vector entries. Each entry ; should take no more than 8 bytes. ; - .MACRO FTRANSFER_ENTRY routine - .ALIGN QUAD - .TRANSFER routine - .MASK routine - JMP routine+2 - .ENDM FTRANSFER_ENTRY + .MACRO FTRANSFER_ENTRY routine + .ALIGN QUAD + .TRANSFER routine + .MASK routine + JMP routine+2 + .ENDM TRANSFER_ENTRY ; ; Place entries in own program section. ; -$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT" +$ write mar " .PSECT $$",libvec,"QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT" $ write mar libvec,"_xfer:" $ libwrch := mar $ libwriter := write_vax_ftransfer_entry @@ -178,10 +281,10 @@ $ type sys$input:/out=mar: ; ; Allocate extra storage at end of vector to allow for expansion. ; -$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total." -$! libwriter := write_vax_vtransfer_entry -$! gosub read_func_num -$ write mar " .END" +$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total." +$ libwriter := write_vax_vtransfer_entry +$ gosub read_func_num +$ write mar " .END" $ close mar $ open/write opt 'libopt' $ write opt "identification=""",libid," ",libverstr,"""" 
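Review bot: Two of the rewritten lines in the `@@ -153` hunk change more than whitespace: `.ENDM TRANSFER_ENTRY` no longer matches the `.MACRO FTRANSFER_ENTRY` it closes, and `.PSECT $$",libvec,"QUAD,PIC,...` has lost the comma that separated the section name from its attributes, so the name becomes `$$LIBCRYPTOQUAD` and the QUAD attribute disappears. Restore `.ENDM FTRANSFER_ENTRY` and `$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"`. The `@@ -178` hunk on the same line re-enables the variable transfer entries after the `.BLKB` padding; if that placement is deliberate a comment would help, since the "64 pages total" remark may no longer describe the whole vector.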
@@ -202,7 +305,7 @@ $ type sys$input:/out=opt: PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT $ libwrch := opt $ libwriter := write_vax_psect_attr -$ gosub read_func_num +$ gosub read_var_num $ close opt $ macro/obj='libobj' 'libmar' $ link/map='libmap'/full/share='libgoal' 'libopt'/option @@ -213,9 +316,9 @@ $ write_vax_ftransfer_entry: $ if info_kind .nes. "FUNCTION" then return $ if libentry .eqs ".dummy" $ then -$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes... +$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes... $ else -$ write 'libwrch' " FTRANSFER_ENTRY ",libentry +$ write 'libwrch' " FTRANSFER_ENTRY ",libentry $ endif $ return $! The record writer routine for VAX variables (should never happen!) @@ -245,6 +348,16 @@ $ info_exist=f$element(0,":",entryinfo) $ info_platforms=","+f$element(1,":",entryinfo)+"," $ info_kind=f$element(2,":",entryinfo) $ info_algorithms=","+f$element(3,":",entryinfo)+"," +$! +$!DEBUG!$ write sys$output " Processing ... ", line +$!DEBUG!$ write sys$output "Entry num = ",entrynum +$!DEBUG!$ write sys$output "Entry info = ",entryinfo +$!DEBUG!$ write sys$output "Cur Entry = ",curentry +$!DEBUG!$ write sys$output "info exist = ",info_exist +$!DEBUG!$ write sys$output "info platforms = ",info_platforms +$!DEBUG!$ write sys$output "info kind = ",info_kind +$!DEBUG!$ write sys$output "info algs = ",info_algorithms +$! $ if info_exist .eqs. "NOEXIST" then goto loop $ truesum = 0 $ falsesum = 0 @@ -252,10 +365,15 @@ $ negatives = 1 $ plat_i = 0 $ loop1: $ plat_entry = f$element(plat_i,",",info_platforms) +$!DEBUG!$ write sys$output "plat entry = ",plat_entry +$! $ plat_i = plat_i + 1 +$!DEBUG!$ write sys$output "plat i = ", plat_i $ if plat_entry .eqs. "" then goto loop1 -$ if plat_entry .nes. "," +$ if plat_entry .eqs. "," $ then +$ goto endloop1 +$ else $ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0 $ if f$getsyi("CPU") .lt. 128 $ then 
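Review bot: `$ gosub read_var_num` in the `@@ -202` hunk calls a routine that no hunk in this diff defines, while the old code called `read_func_num`, which is defined; if `read_var_num` does not exist elsewhere in MKSHARED.COM the VAX build stops with an undefined label. A one-line comment at the call site saying what that routine is expected to select (the `@@ -213` hunk still says VAX variables "should never happen") would make the intent checkable.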
@@ -264,30 +382,48 @@ $ truesum = truesum + 1 $ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then - $ falsesum = falsesum + 1 $ endif -$ if plat_entry .eqs. "VMS" then truesum = truesum + 1 -$ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1 -$ goto loop1 +$ if plat_entry .eqs. "VMS" +$ then +$ truesum = truesum + 1 +$!DEBUG!$ write sys$output "plat_entry = VMS" +$ endif +$! +$ if plat_entry .eqs. "!VMS" +$ then +$ falsesum = falsesum + 1 +$!DEBUG!$ write sys$output "plat_entry <> VMS" +$ endif $ endif +$ goto loop1 +$! $ endloop1: $!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms $!DEBUG!$ then $!DEBUG!$ write sys$output line $!DEBUG!$ write sys$output " truesum = ",truesum,- -$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum +$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum $!DEBUG!$ endif $ if falsesum .ne. 0 then goto loop -$ if truesum+negatives .eq. 0 then goto loop +$ if truesum+negatives .eq. 0 +$ then +$!DEBUG!$ write sys$output "truesum+negatives .eq. 0. Going to loop." +$ goto loop +$ endif $ alg_i = 0 $ loop2: $ alg_entry = f$element(alg_i,",",info_algorithms) -$ alg_i = alg_i + 1 +$!DEBUG!$ write sys$output "alg entry = ",alg_entry +$ alg_i = alg_i + 1 $ if alg_entry .eqs. "" then goto loop2 -$ if alg_entry .nes. "," +$ if alg_entry .eqs. "," $ then +$ goto endloop2 +$ else $ if alg_entry .eqs. "KRB5" then goto loop ! Special for now $ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop -$ goto loop2 $ endif +$ goto loop2 +$! $ endloop2: $ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms $ then 
@@ -323,15 +459,16 @@ $ goto 'next' $ loop_end: $ close libnum $ return -$ +$! $! The version number reader -$ read_version_info: +$! +$read_version_info: $ libver = "" $ open/read vf [.CRYPTO]OPENSSLV.H $ loop_rvi: $ read/err=endloop_rvi/end=endloop_rvi vf rvi_line $ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then - - goto loop_rvi + goto loop_rvi $ libverstr = f$element(1,"""",rvi_line) $ libvmajor = f$element(0,".",libverstr) $ libvminor = f$element(1,".",libverstr) @@ -339,7 +476,7 @@ $ libvedit = f$element(2,".",libverstr) $ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@") $ libvedit = f$extract(0,1,libvedit) $ libver = f$string(f$int(libvmajor)*100)+","+- - f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch)) + f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch)) $ if libvmajor .eqs. "0" $ then $ libvmatch = "EQUAL" diff --git a/VMS/ssl$syshutdown.com b/VMS/ssl$syshutdown.com new file mode 100644 index 000000000..a3473c1a3 --- /dev/null +++ b/VMS/ssl$syshutdown.com @@ -0,0 +1,8 @@ +$! +$! SSL$SYSHUTDOWN.COM - This command procedure is used for site specific SSL +$! shutdown tasks. Anything setup in SSL$SYSTARTUP.COM +$! should be cleaned up in this command procedure. +$! +$ DEASSIGN/SYSTEM/EXEC RANDFILE +$ DEASSIGN/SYSTEM/EXEC SSL$RANDFILE +$! diff --git a/VMS/ssl$systartup.com b/VMS/ssl$systartup.com new file mode 100644 index 000000000..a94c249b4 --- /dev/null +++ b/VMS/ssl$systartup.com @@ -0,0 +1,7 @@ +$! +$! +$! Add logical to aid random number generators. -- http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1 +$! +$ DEFINE/SYSTEM/EXEC RANDFILE SSL$ROOT:[PRIVATE]RANDFILE.; +$ DEFINE/SYSTEM/EXEC SSL$RANDFILE SSL$ROOT:[PRIVATE]RANDFILE.; +$! diff --git a/VMS/ssl$utils.com b/VMS/ssl$utils.com new file mode 100644 index 000000000..909a9acee --- /dev/null +++ b/VMS/ssl$utils.com 
@@ -0,0 +1,76 @@
+$!
+$! APPS.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte
+$!
+$ IF P1 .NES. "" THEN GOTO 'P1
+$!
+$DEFINE:
+$!
+$ OPENSSL :== $SSL$EXE:OPENSSL
+$ VERIFY :== $SSL$EXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSL$EXE:OPENSSL ASN1PARS
+$ REQ :== $SSL$EXE:OPENSSL REQ
+$ DGST :== $SSL$EXE:OPENSSL DGST
+$ DH :== $SSL$EXE:OPENSSL DH
+$ ENC :== $SSL$EXE:OPENSSL ENC
+$ GENDH :== $SSL$EXE:OPENSSL GENDH
+$ ERRSTR :== $SSL$EXE:OPENSSL ERRSTR
+$ CA :== $SSL$EXE:OPENSSL CA
+$ CRL :== $SSL$EXE:OPENSSL CRL
+$ RSA :== $SSL$EXE:OPENSSL RSA
+$ DSA :== $SSL$EXE:OPENSSL DSA
+$ DSAPARAM :== $SSL$EXE:OPENSSL DSAPARAM
+$ X509 :== $SSL$EXE:OPENSSL X509
+$ GENRSA :== $SSL$EXE:OPENSSL GENRSA
+$ GENDSA :== $SSL$EXE:OPENSSL GENDSA
+$ S_SERVER :== $SSL$EXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSL$EXE:OPENSSL S_CLIENT
+$ SPEED :== $SSL$EXE:OPENSSL SPEED
+$ S_TIME :== $SSL$EXE:OPENSSL S_TIME
+$ VERSION :== $SSL$EXE:OPENSSL VERSION
+$ PKCS7 :== $SSL$EXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSL$EXE:OPENSSL CRL2P7
+$ SESS_ID :== $SSL$EXE:OPENSSL SESS_ID
+$ CIPHERS :== $SSL$EXE:OPENSSL CIPHERS
+$ NSEQ :== $SSL$EXE:OPENSSL NSEQ
+$ PKCS12 :== $SSL$EXE:OPENSSL PKCS12
+$!
+$EXIT
+$!
+$REMOVE: +$ DELETE/SYMBOL/GLOBAL OPENSSL +$ DELETE/SYMBOL/GLOBAL VERIFY +$ DELETE/SYMBOL/GLOBAL ASN1PARSE +$ DELETE/SYMBOL/GLOBAL REQ +$ DELETE/SYMBOL/GLOBAL DGST +$ DELETE/SYMBOL/GLOBAL DH +$ DELETE/SYMBOL/GLOBAL ENC +$ DELETE/SYMBOL/GLOBAL GENDH +$ DELETE/SYMBOL/GLOBAL ERRSTR +$ DELETE/SYMBOL/GLOBAL CA +$ DELETE/SYMBOL/GLOBAL CRL +$ DELETE/SYMBOL/GLOBAL RSA +$ DELETE/SYMBOL/GLOBAL DSA +$ DELETE/SYMBOL/GLOBAL DSAPARAM +$ DELETE/SYMBOL/GLOBAL X509 +$ DELETE/SYMBOL/GLOBAL GENRSA +$ DELETE/SYMBOL/GLOBAL GENDSA +$ DELETE/SYMBOL/GLOBAL S_SERVER +$ DELETE/SYMBOL/GLOBAL S_CLIENT +$ DELETE/SYMBOL/GLOBAL SPEED +$ DELETE/SYMBOL/GLOBAL S_TIME +$ DELETE/SYMBOL/GLOBAL VERSION +$ DELETE/SYMBOL/GLOBAL PKCS7 +$ DELETE/SYMBOL/GLOBAL CRL2PKCS7 +$ DELETE/SYMBOL/GLOBAL SESS_ID +$ DELETE/SYMBOL/GLOBAL CIPHERS +$ DELETE/SYMBOL/GLOBAL NSEQ +$ DELETE/SYMBOL/GLOBAL PKCS12 +$! +$EXIT diff --git a/VMS/ssl010.release_notes b/VMS/ssl010.release_notes new file mode 100644 index 000000000..e380cbb37 --- /dev/null +++ b/VMS/ssl010.release_notes @@ -0,0 +1,25 @@ + + Compaq SSL for OpenVMS Alpha + + Field Test Release Notes + + February 2002 + + Based on OpenSSL 0.9.6B + + Compaq SSL T1.0 for OpenVMS Alpha + CPQ-AXPVMS-SSL-T0100--1.PCSI-DCX-AXPEXE + + ---------------------------------------------- + + Compaq is pleased to provide you with the first release of Compaq + SSL for OpenVMS Alpha. Compaq SSL (Secure Sockets Layer) + is based on the 0.9.6B release from the Open Group. See + http://www.openssl.org for more information about OpenSSL. + + Documentation for this kit, including installation and configuration + information, release notes, a programming tutorial and API reference, + is included in "Open Source Security for OpenVMS Alpha + Volume 2: SSL" in HTML, PDF, and PostScript format. This document + is included on the OpenVMS field test documentation CD-ROM. + diff --git a/VMS/tcpip_shr_decc.opt b/VMS/tcpip_shr_decc.opt new file mode 100644 index 000000000..33b159e5f --- /dev/null 
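Review bot: The DEFINE list in this file omits several programs that makeapps.com builds into OPENSSL (its LIB_FILES in the `@@ -155` hunk includes DHPARAM, PASSWD, RSAUTL, PKCS8, SPKAC, SMIME, RAND, ENGINE and OCSP), so those sub-commands get no foreign-command symbol, and the REMOVE branch mirrors the same gap because the two lists are maintained by hand. Driving both entry points from one symbol=subcommand list, the way install.com walks `CERT_FILES`, keeps them in step and makes adding the missing entries a one-line change; a sketch follows. The header comment still says `APPS.COM`; it should name `SSL$UTILS.COM` and document that `P1` is `DEFINE` (default) or `REMOVE`.
```dcl
$! … unchanged: header comment …
$! Symbol=subcommand pairs; an empty subcommand means the bare OPENSSL image.
$! One list drives both DEFINE and REMOVE so the two cannot drift apart.
$ UTILS = "OPENSSL=,VERIFY=VERIFY,ASN1PARSE=ASN1PARS,REQ=REQ,DGST=DGST," + -
          "DH=DH,ENC=ENC,GENDH=GENDH,ERRSTR=ERRSTR,CA=CA,CRL=CRL,RSA=RSA," + -
          "DSA=DSA,DSAPARAM=DSAPARAM,X509=X509,GENRSA=GENRSA,GENDSA=GENDSA," + -
          "S_SERVER=S_SERVER,S_CLIENT=S_CLIENT,SPEED=SPEED,S_TIME=S_TIME," + -
          "VERSION=VERSION,PKCS7=PKCS7,CRL2PKCS7=CRL2P7,SESS_ID=SESS_ID," + -
          "CIPHERS=CIPHERS,NSEQ=NSEQ,PKCS12=PKCS12"
$ I = 0
$UTIL_LOOP:
$ PAIR = F$ELEMENT(I, ",", UTILS)
$ I = I + 1
$ IF PAIR .EQS. "," THEN GOTO UTIL_DONE
$ NAME = F$ELEMENT(0, "=", PAIR)
$ SUB  = F$ELEMENT(1, "=", PAIR)
$ IF P1 .EQS. "REMOVE"
$ THEN
$   DELETE/SYMBOL/GLOBAL 'NAME'
$ ELSE
$   'NAME' :== $SSL$EXE:OPENSSL 'SUB'
$ ENDIF
$ GOTO UTIL_LOOP
$UTIL_DONE:
$ EXIT
```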
+++ b/VMS/tcpip_shr_decc.opt @@ -0,0 +1 @@ +sys$share:tcpip$ipc_shr.exe/share diff --git a/apps/enc.c b/apps/enc.c index 2c3af7517..617b212d4 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -485,11 +485,6 @@ bad: else memset(str,0,strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) - { - BIO_printf(bio_err,"invalid hex iv value\n"); - goto end; - } if ((hiv == NULL) && (str == NULL)) { /* No IV was explicitly set and no IV was generated @@ -498,6 +493,11 @@ bad: BIO_printf(bio_err, "iv undefined\n"); goto end; } + if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) + { + BIO_printf(bio_err,"invalid hex iv value\n"); + goto end; + } if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) { BIO_printf(bio_err,"invalid hex key value\n"); diff --git a/apps/install.com b/apps/install.com index f927dc29f..41dc6e9ae 100644 --- a/apps/install.com +++ b/apps/install.com @@ -62,7 +62,9 @@ $ COPY CA.COM WRK_SSLAEXE:CA.COM/LOG $ SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM $ COPY CA.COM WRK_SSLVEXE:CA.COM/LOG $ SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM -$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG +$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL-VMS.CNF/LOG +$ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL-VMS.CNF +$ COPY OPENSSL.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG $ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF $ SET ON $ diff --git a/apps/makeapps.com b/apps/makeapps.com index 219f571d5..6ac20cbb8 100644 --- a/apps/makeapps.com +++ b/apps/makeapps.com @@ -44,12 +44,19 @@ $! keywords: $! $! UCX for UCX $! SOCKETSHR for SOCKETSHR+NETLIB +$! TCPIP for TCPIP (post UCX) $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! P6, if defined, sets a choice of programs to compile. $! $! +$! +$! Define USER_CCFLAGS +$! +$ @[-]vms_build_info.com +$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS +$! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! 
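Review bot: The two apps/enc.c hunks only move the `set_hex(hiv, iv, sizeof iv)` check below the `iv undefined` check; because `hiv != NULL` and `hiv == NULL` are mutually exclusive the observable behaviour is the same either way, so the motivation is not recoverable from the diff and deserves a line in the commit message or a comment such as `/* validate an explicit hex IV only after an IV source is known to exist */`. If the intent was to report "iv undefined" before a malformed `-iv` value, that already held before the move. The enclosing function starts and ends outside both hunks.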
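Review bot: In apps/install.com, installing `OPENSSL.CNF` under the name that previously received `OPENSSL-VMS.CNF` changes which configuration is the default: unless something outside this diff points the apps at `OPENSSL-VMS.CNF`, the default file is now the one written with Unix-style paths. If that is intended, a comment on the COPY lines saying which file is the active default and why both are installed would keep the next installer from "fixing" it back.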
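Review bot: The new makeapps.com block headed `Define USER_CCFLAGS` defines nothing itself; it runs `@[-]vms_build_info.com` and then prints `USER_CCFLAGS`, so if that procedure does not set the symbol the WRITE stops on an undefined symbol. I'd either guard the print, `$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS`, or reword the comment to say the procedure is run to obtain USER_CCFLAGS and build_bits. mkshared.com invokes the same procedure as `@vms_build_info` with no directory, so both copies depend on the default directory at run time; documenting the expected working directory once would help.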
@@ -98,15 +105,15 @@ $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! $! Define The CRYPTO Library. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'build_bits'.OLB $! $! Define The RSAREF Library. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB +$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'build_bits'.OLB $! $! Define The SSL Library. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'build_bits'.OLB $! $! Define The OBJ Directory. $! @@ -125,6 +132,23 @@ $! End The OBJ Directory Check. $! $ ENDIF $! +$! Define The LIS Directory. +$! +$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.APPS] +$! +$! Check To See If The OBJ Directory Exists. +$! +$ IF (F$PARSE(LIS_DIR).EQS."") +$ THEN +$! +$! It Dosen't Exist, So Create It. +$! +$ CREATE/DIRECTORY 'LIS_DIR' +$! +$! End The LIS Directory Check. +$! +$ ENDIF +$! $! Define The EXE Directory. $! $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS] @@ -155,13 +179,13 @@ $! $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- "CA;PKCS7;CRL2P7;CRL;"+- "RSA;RSAUTL;DSA;DSAPARAM;"+- - "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- + "X509;GENRSA;GENDSA;TERM_SOCK;S_SERVER;S_CLIENT;SPEED;"+- "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP" $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,- CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,- RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,- - X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,- + X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,TERM_SOCK.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,- S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,- CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ $ TCPIP_PROGRAMS = ",," 
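Review bot: The new LIS-directory block in the `@@ -125` hunk carries the comment `$! Check To See If The OBJ Directory Exists.` copied from the OBJ block above it; it should read `$! Check To See If The LIS Directory Exists.`. The listings written there by the `/LIST/MACHINE_CODE` switches added in the `@@ -272` hunk are full machine-code listings of every app, which is useful for debugging but worth a comment noting they are build artefacts rather than part of the install.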
@@ -234,6 +258,10 @@ $! Create The Object File Name. $! $ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" $! +$! Create The Listing File Name. +$! +$ LIST_FILE = LIS_DIR + FILE_NAME + ".LIS" +$! $! Create The Executable File Name. $! $ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE" @@ -247,7 +275,7 @@ $! $! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File ",SOURCE_FILE," Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. @@ -272,9 +300,9 @@ $! $ ON ERROR THEN GOTO NEXT_FILE $ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2 $ THEN -$ CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC2/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ELSE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ENDIF $! $ ON WARNING THEN GOTO NEXT_FILE @@ -304,10 +332,14 @@ $ THEN $! $! Link With The RSAREF Library And A Specific TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY,- + 'CRYPTO_LIB'/LIBRARY, - + 'RSAREF_LIB'/LIBRARY, - + 'TCPIP_LIB', - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! @@ -315,10 +347,13 @@ $ ELSE $! $! Link With The RSAREF Library And NO TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK /'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY, - + 'RSAREF_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! End The TCP/IP Library Check. $! 
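Review bot: `F$MESSAGE("%X10018290")` in the `@@ -247` hunk hard-codes a condition value with nothing saying which message it is; a reader has to run F$MESSAGE to find out, and the text is only right if that value really is the file-not-found condition the surrounding message implies. Give it a name once, e.g. `$ FNF_STATUS = "%X10018290"  ! <condition name> - file not found`, and use the symbol in the WRITE.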
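Review bot: The four rewritten LINK commands (`@@ -304` and `@@ -315` here, `@@ -338` and `@@ -349` on the next line) add `/MAP='MAP_FILE'`, but no hunk in this diff assigns `MAP_FILE`, whereas `LIST_FILE` is set in the `@@ -234` hunk beside the OBJECT_FILE it mirrors. If it is not defined elsewhere in MAKEAPPS.COM every link stops with an undefined symbol; `$ MAP_FILE = LIS_DIR + FILE_NAME + ".MAP"` next to the LIST_FILE assignment would follow the existing pattern. They also all append `SYS$DISK:[-]SSL_IDENT.OPT/OPTION`, a file this diff does not create, so the build now depends on it existing in the source root.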
@@ -338,10 +373,14 @@ $ THEN $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB', - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION + $! $! Else... $! @@ -349,10 +388,13 @@ $ ELSE $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! -$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - +$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' /MAP='MAP_FILE' /FULL/CROSS - 'OBJECT_FILE''EXTRA_OBJ', - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! $! $! End The TCP/IP Library Check. $! @@ -489,6 +531,7 @@ $! End The Option File Search. $! $ ENDIF $! +$! $! End The DEC C Check. $! $ ENDIF @@ -838,12 +881,12 @@ $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - + "/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "SYS$DISK:[]''arch'_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -870,7 +913,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! 
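Review bot: `OPT_FILE = "SYS$DISK:[]''arch'_DECC_OPTIONS.OPT"` in the `@@ -838` hunk (and the same pattern for VAXC and GNUC in the `@@ -880` and `@@ -902` hunks on the next line) means that on Alpha the build now opens `ALPHA_DECC_OPTIONS.OPT`, a file this diff does not add; if it is created elsewhere fine, otherwise the Alpha link fails where it previously used the VAX-named file. A comment next to the assignment listing the per-architecture option files expected in [.APPS] would make the dependency visible.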
@@ -880,7 +923,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "SYS$DISK:[]''arch'_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -902,12 +945,12 @@ $! $! Use GNU C... $! $ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC -$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "SYS$DISK:[]''arch'_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -963,7 +1006,7 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -973,7 +1016,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" $! $! Done with SOCKETSHR $! 
@@ -999,19 +1042,45 @@ $ THEN $! $! Set the library to use UCX. $! -$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" $ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" $ THEN -$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" $ ELSE $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT" + TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" $ ENDIF $! $! Done with UCX $! $ ENDIF $! +$! Check to see if TCPIP (post UCX) was chosen +$! +$ IF P4.EQS."TCPIP" +$ THEN +$! +$! Set the library to use TCPIP. +$! +$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$! +$! Done with TCPIP +$! +$ ENDIF +$! +$! Check to see if NONE was chosen +$! +$ IF P4.EQS."NONE" +$ THEN +$! +$! Do not use TCPIP. +$! +$ TCPIP_LIB = "" +$! +$! Done with TCPIP +$! +$ ENDIF +$! $! Add TCP/IP type to CC definitions. $! $ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P4'" @@ -1031,6 +1100,7 @@ $ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." +$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index d4498713f..fbf408baa 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -3,8 +3,8 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = $ENV::HOME/.rnd -oid_file = $ENV::HOME/.oid +RANDFILE = ${ENV::HOME}/.rnd +oid_file = ${ENV::HOME}/.oid oid_section = new_oids # To use this configuration file with the "-extfile" option of the 
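Review bot: `NONE` is accepted by the P4 check (`P4.EQS."NONE"` in the hunk at line 1006) and handled here by clearing TCPIP_LIB, but the usage text in the hunk at line 1100 only gains the TCPIP line, so a user who triggers the "Option Is Invalid" message is never told that NONE exists. Add `$ WRITE SYS$OUTPUT "    NONE      :  To not link with any TCP/IP library."` after the new TCPIP line. The `$! Do not use TCPIP.` comment would also benefit from stating what the resulting `TCPIP_TYPE_NONE` definition selects in the sources, since that cannot be seen from this procedure.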
@@ -29,17 +29,17 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] -dir = sys\$disk:[.demoCA # Where everything is kept -certs = $dir.certs] # Where the issued certs are kept -crl_dir = $dir.crl] # Where the issued crl are kept -database = $dir]index.txt # database index file. -new_certs_dir = $dir.newcerts] # default place for new certs. +dir = ssl$root:[000000 # Where everything is kept +certs = ${dir}.certs] # Where the issued certs are kept +crl_dir = ${dir}.certs] # Where the issued crl are kept +database = ${dir}.private]index.txt # database index file. +new_certs_dir = ${dir}.certs] # default place for new certs. -certificate = $dir]cacert.pem # The CA certificate -serial = $dir]serial. # The current serial number -crl = $dir]crl.pem # The current CRL -private_key = $dir.private]cakey.pem# The private key -RANDFILE = $dir.private].rand # private random number file +certificate = ${dir}]cacert.pem # The CA certificate +serial = ${dir}.private]serial.txt # The current serial number +crl = ${dir}]crl.pem # The current CRL +private_key = ${dir}.private]cakey.pem # The private key +RANDFILE = ${dir}.private].rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert @@ -60,8 +60,8 @@ policy = policy_match # For the CA policy [ policy_match ] countryName = match -stateOrProvinceName = match -organizationName = match +stateOrProvinceName = supplied +organizationName = supplied organizationalUnitName = optional commonName = supplied emailAddress = optional diff --git a/apps/openssl.c b/apps/openssl.c index c17458ef7..4613a8c5f 100644 --- a/apps/openssl.c +++ b/apps/openssl.c 
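Review bot: Changing `stateOrProvinceName` and `organizationName` from `match` to `supplied` in `[ policy_match ]` means this CA now signs any request that merely fills in those fields, whether or not they agree with the CA certificate, which is the opposite of what the section name promises. If a permissive demo CA is wanted, the conventional layout keeps `policy_match` strict and adds a separate `policy_anything` section selected with `policy = policy_anything`; if the relaxation is deliberate, add `# relaxed: issued certs need not share the CA's state/organization` so the next administrator does not assume matching is enforced. In `[ CA_default ]` the CRL directory and `new_certs_dir` now both point at `${dir}.certs]`, so the `# Where the issued crl are kept` comment no longer describes a distinct location and should say the directory is shared.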
@@ -138,6 +138,18 @@ static unsigned long MS_CALLBACK hash(const void *a_void); /* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */ static int MS_CALLBACK cmp(const void *a_void,const void *b_void); static LHASH *prog_init(void ); + +#ifdef OPENSSL_SYS_VMS +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef char ** Argv_32; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif +#endif + static int do_cmd(LHASH *prog,int argc,char *argv[]); CONF *config=NULL; char *default_config_file=NULL; @@ -212,7 +224,11 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) } +#ifdef OPENSSL_SYS_VMS +int main(int Argc, Argv_32 argv32) +#else int main(int Argc, char *Argv[]) +#endif { ARGS arg; #define PROG_NAME_SIZE 39 @@ -222,8 +238,16 @@ int main(int Argc, char *Argv[]) int n,i,ret=0; int argc; char **argv,*p; + +#ifdef OPENSSL_SYS_VMS +#if __INITIAL_POINTER_SIZE == 64 + char **argv64; +#endif +#endif + LHASH *prog=NULL; long errline; + int loop; /* For checking if it's first round in the OpenSSL commandline loop */ arg.data=NULL; arg.count=0; @@ -284,14 +308,23 @@ int main(int Argc, char *Argv[]) prog=prog_init(); /* first check the program name */ +#ifdef OPENSSL_SYS_VMS + program_name(argv32[0],pname,PROG_NAME_SIZE); +#else program_name(Argv[0],pname,PROG_NAME_SIZE); +#endif f.name=pname; fp=(FUNCTION *)lh_retrieve(prog,&f); if (fp != NULL) { +#ifdef OPENSSL_SYS_VMS + argv32[0]=pname; + ret=fp->func(Argc,argv32); +#else Argv[0]=pname; ret=fp->func(Argc,Argv); +#endif goto end; } @@ -300,14 +333,32 @@ int main(int Argc, char *Argv[]) if (Argc != 1) { Argc--; +#ifdef OPENSSL_SYS_VMS + argv32++; + #if __INITIAL_POINTER_SIZE == 64 + argv64=(char **)_malloc64(sizeof(char *)*Argc); /* memory allocation in 64-bit address */ + + for (i=0;i' mode */ - + loop=0; for (;;) { ret=0; 
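Review bot: In the VMS 64-bit branch of this hunk the result of `_malloc64(sizeof(char *)*Argc)` is stored in argv64 and consumed straight away by the copy loop with no NULL check, so an allocation failure dereferences a null pointer. Add `if (argv64 == NULL) { BIO_printf(bio_err,"out of memory\n"); goto end; }` before the loop, matching how the other apps report exhausted memory. From the visible lines I also cannot see argv64 being freed; if it is meant to live until exit, a short comment saying so would prevent a later "leak" report. main continues outside this hunk.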
@@ -319,7 +370,14 @@ int main(int Argc, char *Argv[]) p[0]='\0'; if (i++) prompt=">"; - else prompt="OpenSSL> "; + else + if(loop == 0){ /* first round in this loop*/ + prompt="OpenSSL> "; + loop++; + } + else + prompt="\nOpenSSL> "; + fputs(prompt,stdout); fflush(stdout); fgets(p,n,stdin); @@ -369,6 +427,7 @@ end: #define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" #define LIST_CIPHER_COMMANDS "list-cipher-commands" + static int do_cmd(LHASH *prog, int argc, char *argv[]) { FUNCTION f,*fp; diff --git a/apps/openssl.cnf b/apps/openssl.cnf index eca51c332..fcef23ff5 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -6,7 +6,15 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd + +# +# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1, +# change the value of RANDFILE. Also moved definition of dir up since RANDFILE +# depends on it. +# +#RANDFILE = $ENV::HOME/.rnd +dir = SSLROOT:[000000 # Where everything is kept +RANDFILE = $dir.private]RANDFILE.; # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -33,8 +41,12 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] - -dir = ./demoCA # Where everything is kept +# +# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1, +# change the value of dir. +# +#dir = sys\$disk:[.demoCA # Where everything is kept +dir = SSLROOT:[000000 # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. 
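Review bot: `dir` is redefined as the VMS specification `SSLROOT:[000000` in `[ CA_default ]`, but the unchanged lines that follow still build paths with Unix separators (`certs = $dir/certs`, `database = $dir/index.txt`, ...), producing strings such as `SSLROOT:[000000/certs` that are valid on neither platform. Either keep the Unix `./demoCA` layout in this file and leave the VMS layout to apps/openssl-vms.cnf (which this same commit converts consistently with `${dir}.certs]`), or convert every `$dir/...` in the section the same way. The top-level `RANDFILE = $dir.private]RANDFILE.;` also relies on the default-section `dir`, so if the VMS form is kept, note in a comment that the two `dir` definitions must stay in sync.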
@@ -174,6 +186,11 @@ basicConstraints=CA:FALSE # and for everything including object signing: # nsCertType = client, email, objsign +# +# From the instructions at http://www.free.lp.se/openssl/docs/openssl3.html#ss3.1, +# include server in the nsCertType. +# +nsCertType = client, email, objsign, server # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment diff --git a/apps/s_cb.c b/apps/s_cb.c index ca5b24548..def28c031 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -239,16 +239,18 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); + BIO_printf(out,"\n"); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); + BIO_printf(out,"\n"); } return(ret); } @@ -266,7 +268,7 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) if (where & SSL_CB_LOOP) { - BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); + BIO_printf(bio_err,"%s:%s\n\n",str,SSL_state_string_long(s)); } else if (where & SSL_CB_ALERT) { diff --git a/apps/s_client.c b/apps/s_client.c index 9c0dbc2bf..7c2312642 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -141,6 +141,10 @@ typedef unsigned int u_int; #endif +#ifdef OPENSSL_SYS_VMS +#include "term_sock.h" +#endif + #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO 
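Review bot: Uncommenting `nsCertType = client, email, objsign, server` in `[ usr_cert ]` marks every certificate issued with these extensions as simultaneously a client, e-mail, object-signing and server certificate, which is broader than either of the example profiles the surrounding comments describe. If server certificates are the goal, a separate extension section (for example `[ server_cert ]` with `nsCertType = server` and a matching `keyUsage`) selected via `-extensions` keeps the roles distinct and avoids handing TLS servers a certificate that is also valid for signing. If one combined profile is really intended, say so in place: `# combined profile: one cert is issued for client, e-mail, signing and server use`.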
@@ -251,6 +255,10 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif +#ifdef OPENSSL_SYS_VMS + int stdin_sock; + TerminalSocket (TERM_SOCK_CREATE, &stdin_sock); +#endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); @@ -436,10 +444,10 @@ bad: if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { - BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n\n"); } if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + BIO_printf(bio_err,"%ld semi-random bytes loaded\n\n", app_RAND_load_files(inrand)); if (bio_c_out == NULL) @@ -516,7 +524,7 @@ re_start: SHUTDOWN(s); goto end; } - BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + BIO_printf(bio_c_out,"CONNECTED(%08X)\n\n",s); #ifdef FIONBIO if (c_nbio) @@ -557,6 +565,11 @@ re_start: SSL_set_connect_state(con); /* ok, lets connect */ +#ifdef OPENSSL_SYS_VMS + if (stdin_sock > SSL_get_fd(con)) + width=stdin_sock+1; + else +#endif width=SSL_get_fd(con)+1; read_tty=1; @@ -623,8 +636,12 @@ re_start: #ifndef OPENSSL_SYS_WINDOWS if (tty_on) { - if (read_tty) FD_SET(fileno(stdin),&readfds); - if (write_tty) FD_SET(fileno(stdout),&writefds); +#ifdef OPENSSL_SYS_VMS + if (read_tty) FD_SET(stdin_sock,&readfds); +#else + if (read_tty) FD_SET(fileno(stdin),&readfds); + if (write_tty) FD_SET(fileno(stdout),&writefds); +#endif } if (read_ssl) FD_SET(SSL_get_fd(con),&readfds); @@ -746,7 +763,7 @@ re_start: goto shut; } } -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) /* Assume Windows can always write */ else if (!ssl_pending && write_tty) #else 
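Review bot: The return value of `TerminalSocket (TERM_SOCK_CREATE, &stdin_sock)` is ignored, so if the socket pair or the SYS$COMMAND channel cannot be set up, stdin_sock is left uninitialized and is then passed to FD_SET, select and recv in the hunks further down. Check it and bail out, e.g. `if (TerminalSocket(TERM_SOCK_CREATE, &stdin_sock) != TERM_SOCK_SUCCESS) goto end;` (TerminalSocket already logs the cause to stderr). MAIN continues outside this hunk, so whether ret already carries a failure value at `end:` at this point cannot be confirmed here.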
@@ -805,7 +822,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 read_tty=0; break; case SSL_ERROR_WANT_READ: - BIO_printf(bio_c_out,"read R BLOCK\n"); + BIO_printf(bio_c_out,"read R BLOCK\n\n"); write_tty=0; read_ssl=1; if ((read_tty == 0) && (write_ssl == 0)) @@ -830,14 +847,22 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 #ifdef OPENSSL_SYS_WINDOWS else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #else - else if (FD_ISSET(fileno(stdin),&readfds)) +#ifdef OPENSSL_SYS_VMS + else if (FD_ISSET(stdin_sock,&readfds)) +#else + else if (FD_ISSET(fileno(stdin),&readfds)) +#endif #endif { if (crlf) { int j, lf_num; - i=read(fileno(stdin),cbuf,BUFSIZZ/2); +#ifdef OPENSSL_SYS_VMS + i=recv(stdin_sock,cbuf,BUFSIZZ/2,0); +#else + i=read(fileno(stdin),cbuf,BUFSIZZ/2); +#endif lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) @@ -856,7 +881,11 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 assert(lf_num == 0); } else - i=read(fileno(stdin),cbuf,BUFSIZZ); +#ifdef OPENSSL_SYS_VMS + i=recv(stdin_sock,cbuf,BUFSIZZ,0); +#else + i=read(fileno(stdin),cbuf,BUFSIZZ); +#endif if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { @@ -901,6 +930,9 @@ end: bio_c_out=NULL; } apps_shutdown(); +#ifdef OPENSSL_SYS_VMS + TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); +#endif EXIT(ret); } @@ -934,7 +966,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio,"%2d s:%s\n",i,buf); X509_NAME_oneline(X509_get_issuer_name( sk_X509_value(sk,i)),buf,BUFSIZ); - BIO_printf(bio," i:%s\n",buf); + BIO_printf(bio," i:%s\n\n",buf); if (c_showcerts) PEM_write_bio_X509(bio,sk_X509_value(sk,i)); } 
@@ -1008,7 +1040,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, ")); c=SSL_get_current_cipher(s); - BIO_printf(bio,"%s, Cipher is %s\n", + BIO_printf(bio,"%s, Cipher is %s\n\n", SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); if (peer != NULL) { @@ -1019,7 +1051,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_free(pktmp); } SSL_SESSION_print(bio,SSL_get_session(s)); - BIO_printf(bio,"---\n"); + BIO_printf(bio,"---\n\n"); if (peer != NULL) X509_free(peer); /* flush, or debugging output gets mixed with http response */ diff --git a/apps/s_server.c b/apps/s_server.c index 65525572e..5aeb20c62 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -144,6 +144,10 @@ typedef unsigned int u_int; #include #endif +#ifdef OPENSSL_SYS_VMS +#include "term_sock.h" +#endif + #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO @@ -827,7 +831,7 @@ bad: goto end; } RSA_free(rsa); - BIO_printf(bio_s_out,"\n"); + BIO_printf(bio_s_out,"\n\n"); } #endif #endif @@ -883,7 +887,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + BIO_printf(bio,"%4d cache full overflows (%d allowed)\n\n", SSL_CTX_sess_cache_full(ssl_ctx), SSL_CTX_sess_get_cache_size(ssl_ctx)); } @@ -900,7 +904,12 @@ static int sv_body(char *hostname, int s, unsigned char *context) #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif +#ifdef OPENSSL_SYS_VMS + int stdin_sock; + TerminalSocket (TERM_SOCK_CREATE, &stdin_sock); +#endif + if ((buf=OPENSSL_malloc(bufsize)) == NULL) { BIO_printf(bio_err,"out of memory\n"); 
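Review bot: As in s_client, `TerminalSocket (TERM_SOCK_CREATE, &stdin_sock)` in sv_body ignores its return status, leaving stdin_sock uninitialized on failure before it reaches the FD_SET/select/recv calls later in the function. Guard it with `if (TerminalSocket(TERM_SOCK_CREATE, &stdin_sock) != TERM_SOCK_SUCCESS)` and report the failure the same way the out-of-memory check immediately below does. Since sv_body runs once per accepted connection, this also creates and later tears down a fresh loopback socket pair and terminal channel for every client; a comment stating that this is intentional would help the next reader. sv_body continues outside this hunk.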
@@ -959,7 +968,12 @@ static int sv_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback_arg(con, bio_s_out); } - width=s+1; +#ifdef OPENSSL_SYS_VMS + if (stdin_sock > s) + width = stdin_sock + 1; + else +#endif + width=s+1; for (;;) { int read_from_terminal; @@ -972,7 +986,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) { FD_ZERO(&readfds); #ifndef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_VMS + FD_SET(stdin_sock,&readfds); +#else FD_SET(fileno(stdin),&readfds); +#endif #endif FD_SET(s,&readfds); /* Note: under VMS with SOCKETSHR the second parameter is @@ -996,8 +1014,12 @@ static int sv_body(char *hostname, int s, unsigned char *context) #else i=select(width,(void *)&readfds,NULL,NULL,NULL); if (i <= 0) continue; - if (FD_ISSET(fileno(stdin),&readfds)) - read_from_terminal = 1; +#ifdef OPENSSL_SYS_VMS + if (FD_ISSET(stdin_sock,&readfds)) +#else + if (FD_ISSET(fileno(stdin),&readfds)) +#endif + read_from_terminal = 1; #endif if (FD_ISSET(s,&readfds)) read_from_sslcon = 1; @@ -1008,7 +1030,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) { int j, lf_num; - i=read(fileno(stdin), buf, bufsize/2); +#ifdef OPENSSL_SYS_VMS + i=recv(stdin_sock, buf, bufsize/2, 0); +#else + i=read(fileno(stdin), buf, bufsize/2); +#endif lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) @@ -1027,7 +1053,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) assert(lf_num == 0); } else - i=read(fileno(stdin),buf,bufsize); +#ifdef OPENSSL_SYS_VMS + i=recv(stdin_sock,buf,bufsize, 0); +#else + i=read(fileno(stdin),buf,bufsize); +#endif if (!s_quiet) { if ((i <= 0) || (buf[0] == 'Q')) @@ -1096,7 +1126,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_s_out,"Write BLOCK\n"); + BIO_printf(bio_s_out,"Write BLOCK\n\n"); break; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: 
@@ -1106,7 +1136,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) goto err; /* break; */ case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_s_out,"DONE\n"); + BIO_printf(bio_s_out,"DONE\n\n"); ret=1; goto err; } @@ -1144,12 +1174,13 @@ again: #endif write(fileno(stdout),buf, (unsigned int)i); + BIO_printf(bio_s_out,"\n"); if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_s_out,"Read BLOCK\n"); + BIO_printf(bio_s_out,"Read BLOCK\n\n"); break; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: @@ -1181,6 +1212,9 @@ err: } if (ret >= 0) BIO_printf(bio_s_out,"ACCEPT\n"); +#ifdef OPENSSL_SYS_VMS + TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); +#endif return(ret); } @@ -1238,7 +1272,7 @@ static int init_ssl_connection(SSL *con) if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); - BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + BIO_printf(bio_s_out,"CIPHER is %s\n\n",(str != NULL)?str:"(NONE)"); if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) @@ -1394,7 +1428,7 @@ static int www_body(char *hostname, int s, unsigned char *context) } else { - BIO_printf(bio_s_out,"read R BLOCK\n"); + BIO_printf(bio_s_out,"read R BLOCK\n\n"); #ifndef OPENSSL_SYS_MSDOS sleep(1); #endif @@ -1620,7 +1654,7 @@ static int www_body(char *hostname, int s, unsigned char *context) goto write_error; else { - BIO_printf(bio_s_out,"rwrite W BLOCK\n"); + BIO_printf(bio_s_out,"rwrite W BLOCK\n\n"); } } else diff --git a/apps/term_sock.c b/apps/term_sock.c new file mode 100644 index 000000000..b3bdef51d --- /dev/null +++ b/apps/term_sock.c 
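Review bot: The `BIO_printf(bio_s_out,"\n");` added after `write(fileno(stdout),buf, (unsigned int)i);` is not under `#ifdef OPENSSL_SYS_VMS`, so it changes s_server's echo of received data on every platform, and because it goes through bio_s_out while the payload went through a raw write() the newline can be emitted out of order if bio_s_out is buffered. If it is needed for VMS terminal handling, wrap it in `#ifdef OPENSSL_SYS_VMS` and emit it the same way as the payload, `write(fileno(stdout),"\n",1);`. The same remark applies to the many `"\n"` to `"\n\n"` message changes in this patch, which alter output for all ports rather than just VMS.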
@@ -0,0 +1,581 @@ +#ifdef VMS + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __alpha +#include +#else +typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */ +#pragma __nomember_alignment + __union { + __struct { + unsigned short int iosb$w_status; /* Final I/O status */ + __union { + __struct { /* 16-bit byte count variant */ + unsigned short int iosb$w_bcnt; /* 16-bit byte count */ + __union { + unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */ + unsigned int iosb$l_pid; /* 32-bit pid */ + } iosb$r_l; + } iosb$r_bcnt_16; + __struct { /* 32-bit byte count variant */ + unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */ + unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */ + } iosb$r_bcnt_32; + } iosb$r_devdepend; + } iosb$r_io_64; + __struct { + __union { + unsigned int iosb$l_getxxi_status; /* Final GETxxI status */ + unsigned int iosb$l_reg_status; /* Final $Registry status */ + } iosb$r_l_status; + unsigned int iosb$l_reserved; /* Reserved field */ + } iosb$r_get_64; + } iosb$r_io_get; + } IOSB; + +#if !defined(__VAXC) +#define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status +#define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt +#define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l +#define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend +#define iosb$l_pid iosb$r_l.iosb$l_pid +#define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt +#define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high +#define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status +#define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status +#endif /* #if !defined(__VAXC) */ + +#endif /* End of IOSBDEF */ + +#include +#include +#include +#include 
+#include +#include + +#include "term_sock.h" + +#ifdef __alpha +static struct _iosb TerminalDeviceIosb; +#else +IOSB TerminalDeviceIosb; +#endif + +static char TerminalDeviceBuff[255 + 2]; +static int TerminalSocketPair[2] = {0, 0}; +static unsigned short TerminalDeviceChan = 0; + +static int CreateSocketPair (int, int, int, int *); +static void SocketPairTimeoutAst (int); +static int TerminalDeviceAst (int); +static void LogMessage (char *, ...); + +/* +** Socket Pair Timeout Value (must be 0-59 seconds) +*/ +#define SOCKET_PAIR_TIMEOUT_VALUE 20 + +/* +** Socket Pair Timeout Block which is passed to timeout AST +*/ +typedef struct _SocketPairTimeoutBlock { + unsigned short SockChan1; + unsigned short SockChan2; + } SPTB; + +#ifdef TERM_SOCK_TEST + +/*----------------------------------------------------------------------------*/ +/* */ +/*----------------------------------------------------------------------------*/ +int main (int argc, char *argv[], char *envp[]) +{ +char TermBuff[80]; +int TermSock, + status, + len; + +LogMessage ("Enter 'q' or 'Q' to quit ..."); +while (strcasecmp (TermBuff, "Q")) + { + /* + ** Create the terminal socket + */ + status = TerminalSocket (TERM_SOCK_CREATE, &TermSock); + if (status != TERM_SOCK_SUCCESS) + exit (1); + + /* + ** Process the terminal input + */ + LogMessage ("Waiting on terminal I/O ...\n"); + len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; + TermBuff[len] = '\0'; + LogMessage ("Received terminal I/O [%s]", TermBuff); + + /* + ** Delete the terminal socket + */ + status = TerminalSocket (TERM_SOCK_DELETE, &TermSock); + if (status != TERM_SOCK_SUCCESS) + exit (1); + } + +return 1; + +} +#endif + +/*----------------------------------------------------------------------------*/ +/* */ +/*----------------------------------------------------------------------------*/ +int TerminalSocket (int FunctionCode, int *ReturnSocket) +{ +int status; +$DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND"); + +/* +** Process the 
requested function code +*/ +switch (FunctionCode) + { + case TERM_SOCK_CREATE: + /* + ** Create a socket pair + */ + status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair); + if (status == -1) + { + LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status); + if (TerminalSocketPair[0]) + close (TerminalSocketPair[0]); + if (TerminalSocketPair[1]) + close (TerminalSocketPair[1]); + return (TERM_SOCK_FAILURE); + } + + /* + ** Assign a channel to the terminal device + */ + status = sys$assign (&TerminalDeviceDesc, + &TerminalDeviceChan, + 0, 0, 0); + if (! (status & 1)) + { + LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status); + close (TerminalSocketPair[0]); + close (TerminalSocketPair[1]); + return (TERM_SOCK_FAILURE); + } + + /* + ** Queue an async IO to the terminal device + */ + status = sys$qio (EFN$C_ENF, + TerminalDeviceChan, + IO$_READVBLK, + &TerminalDeviceIosb, + TerminalDeviceAst, + 0, + TerminalDeviceBuff, + sizeof (TerminalDeviceBuff) - 2, + 0, 0, 0, 0); + if (! (status & 1)) + { + LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); + close (TerminalSocketPair[0]); + close (TerminalSocketPair[1]); + return (TERM_SOCK_FAILURE); + } + + /* + ** Return the input side of the socket pair + */ + *ReturnSocket = TerminalSocketPair[1]; + break; + + case TERM_SOCK_DELETE: + /* + ** Cancel any pending IO on the terminal channel + */ + status = sys$cancel (TerminalDeviceChan); + if (! (status & 1)) + { + LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status); + close (TerminalSocketPair[0]); + close (TerminalSocketPair[1]); + return (TERM_SOCK_FAILURE); + } + + /* + ** Deassign the terminal channel + */ + status = sys$dassgn (TerminalDeviceChan); + if (! 
(status & 1)) + { + LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status); + close (TerminalSocketPair[0]); + close (TerminalSocketPair[1]); + return (TERM_SOCK_FAILURE); + } + + /* + ** Close the terminal socket pair + */ + close (TerminalSocketPair[0]); + close (TerminalSocketPair[1]); + + /* + ** Return the initialized socket + */ + *ReturnSocket = 0; + break; + + default: + /* + ** Invalid function code + */ + LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode); + return (TERM_SOCK_FAILURE); + break; + } + +/* +** Return success +*/ +return (TERM_SOCK_SUCCESS); + +} + +/*----------------------------------------------------------------------------*/ +/* */ +/*----------------------------------------------------------------------------*/ +static int CreateSocketPair ( + int SocketFamily, + int SocketType, + int SocketProtocol, + int *SocketPair) +{ +struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL}; +static const char* LocalHostAddr = {"127.0.0.1"}; +unsigned short TcpAcceptChan = 0, + TcpDeviceChan = 0; +unsigned long BinTimeBuff[2]; +struct sockaddr_in sin; +char AscTimeBuff[32]; +short LocalHostPort; +unsigned int status, + slen; + +#ifdef __alpha +struct _iosb iosb; +#else +IOSB iosb; +#endif + +int SockDesc1 = 0, + SockDesc2 = 0; +SPTB sptb; +$DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE"); + +/* +** Create a socket +*/ +SockDesc1 = socket (SocketFamily, SocketType, 0); +if (SockDesc1 < 0) + { + LogMessage ("CreateSocketPair: socket () - %d", errno); + return (-1); + } + +/* +** Initialize the socket information +*/ +slen = sizeof (sin); +memset ((char *) &sin, 0, slen); +sin.sin_family = SocketFamily; +sin.sin_addr.s_addr = inet_addr (LocalHostAddr); +sin.sin_port = 0; + +/* +** Bind the socket to the local IP +*/ +status = bind (SockDesc1, (struct sockaddr *) &sin, slen); +if (status < 0) + { + LogMessage ("CreateSocketPair: bind () - %d", errno); + close (SockDesc1); + return (-1); + } + +/* +** Get the 
socket name so we can save the port number +*/ +status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen); +if (status < 0) + { + LogMessage ("CreateSocketPair: getsockname () - %d", errno); + close (SockDesc1); + return (-1); + } +else + LocalHostPort = sin.sin_port; + +/* +** Setup a listen for the socket +*/ +listen (SockDesc1, 5); + +/* +** Get the binary (64-bit) time of the specified timeout value +*/ +sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); +AscTimeDesc.dsc$w_length = strlen (AscTimeBuff); +AscTimeDesc.dsc$a_pointer = AscTimeBuff; +status = sys$bintim (&AscTimeDesc, BinTimeBuff); +if (! (status & 1)) + { + LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status); + close (SockDesc1); + return (-1); + } + +/* +** Assign another channel to the TCP/IP device for the accept. +** This is the channel that ends up being connected to. +*/ +status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0); +if (! (status & 1)) + { + LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status); + close (SockDesc1); + return (-1); + } + +/* +** Get the channel of the first socket for the accept +*/ +TcpAcceptChan = decc$get_sdc (SockDesc1); + +/* +** Perform the accept using $QIO so we can do this asynchronously +*/ +status = sys$qio (EFN$C_ENF, + TcpAcceptChan, + IO$_ACCESS | IO$M_ACCEPT, + &iosb, + 0, 0, 0, 0, 0, + &TcpDeviceChan, + 0, 0); +if (! 
(status & 1)) + { + LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status); + close (SockDesc1); + sys$dassgn (TcpDeviceChan); + return (-1); + } + +/* +** Create the second socket to do the connect +*/ +SockDesc2 = socket (SocketFamily, SocketType, 0); +if (SockDesc2 < 0) + { + LogMessage ("CreateSocketPair: socket () - %d", errno); + sys$cancel (TcpAcceptChan); + close (SockDesc1); + sys$dassgn (TcpDeviceChan); + return (-1) ; + } + +/* +** Setup the Socket Pair Timeout Block +*/ +sptb.SockChan1 = TcpAcceptChan; +sptb.SockChan2 = decc$get_sdc (SockDesc2); + +/* +** Before we block on the connect, set a timer that can cancel I/O on our two +** sockets if it never connects. +*/ +status = sys$setimr (EFN$C_ENF, + BinTimeBuff, + SocketPairTimeoutAst, + &sptb, + 0); +if (! (status & 1)) + { + LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status); + sys$cancel (TcpAcceptChan); + close (SockDesc1); + close (SockDesc2); + sys$dassgn (TcpDeviceChan); + return (-1); + } + +/* +** Now issue the connect +*/ +memset ((char *) &sin, 0, sizeof (sin)) ; +sin.sin_family = SocketFamily; +sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; +sin.sin_port = LocalHostPort ; + +status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); +if (status < 0 ) + { + LogMessage ("CreateSocketPair: connect () - %d", errno); + sys$cantim (&sptb, 0); + sys$cancel (TcpAcceptChan); + close (SockDesc1); + close (SockDesc2); + sys$dassgn (TcpDeviceChan); + return (-1); + } + +/* +** Wait for the asynch $QIO to finish. Note that if the I/O was aborted +** (SS$_ABORT), then we probably canceled it from the AST routine - so log a +** timeout. +*/ +status = sys$synch (EFN$C_ENF, &iosb); +if (! 
(iosb.iosb$w_status & 1)) + { + if (iosb.iosb$w_status == SS$_ABORT) + LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout"); + else + { + LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d", iosb.iosb$w_status); + sys$cantim (&sptb, 0); + } + close (SockDesc1); + close (SockDesc2); + sys$dassgn (TcpDeviceChan); + return (-1); + } + +/* +** Here we're successfully connected, so cancel the timer, convert the I/O +** channel to a socket fd, close the listener socket and return the connected +** pair. +*/ +sys$cantim (&sptb, 0); + +close (SockDesc1) ; +SocketPair[0] = SockDesc2 ; +SocketPair[1] = socket_fd (TcpDeviceChan); + +return (0) ; + +} + +/*----------------------------------------------------------------------------*/ +/* */ +/*----------------------------------------------------------------------------*/ +static void SocketPairTimeoutAst (int astparm) +{ +SPTB *sptb = (SPTB *) astparm; + +sys$cancel (sptb->SockChan2); /* Cancel the connect() */ +sys$cancel (sptb->SockChan1); /* Cancel the accept() */ + +return; + +} + +/*----------------------------------------------------------------------------*/ +/* */ +/*----------------------------------------------------------------------------*/ +static int TerminalDeviceAst (int astparm) +{ +int status; + +/* +** Terminate the terminal buffer +*/ +TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0'; +strcat (TerminalDeviceBuff, "\n"); + +/* +** Send the data read from the terminal device throught the socket pair +*/ +send (TerminalSocketPair[0], TerminalDeviceBuff, TerminalDeviceIosb.iosb$w_bcnt + 1, 0); + +/* +** Queue another async IO to the terminal device +*/ +status = sys$qio (EFN$C_ENF, + TerminalDeviceChan, + IO$_READVBLK, + &TerminalDeviceIosb, + TerminalDeviceAst, + 0, + TerminalDeviceBuff, + sizeof (TerminalDeviceBuff) - 1, + 0, 0, 0, 0); + +/* +** Return status +*/ +return status; + +} + +/*----------------------------------------------------------------------------*/ +/* */ 
+/*----------------------------------------------------------------------------*/ +static void LogMessage (char *msg, ...) +{ +char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; +static unsigned int pid = 0; +va_list args; +time_t CurTime; +struct tm *LocTime; +char MsgBuff[256]; + +/* +** Get the process pid +*/ +if (pid == 0) + pid = getpid (); + +/* +** Convert the current time into local time +*/ +CurTime = time (NULL); +LocTime = localtime (&CurTime); + +/* +** Format the message buffer +*/ +sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", + LocTime->tm_mday, Month[LocTime->tm_mon], (LocTime->tm_year + 1900), + LocTime->tm_hour, LocTime->tm_min, LocTime->tm_sec, pid, msg); + +/* +** Get any variable arguments and add them to the print of the message buffer +*/ +va_start (args, msg); +vfprintf (stderr, MsgBuff, args); +va_end (args); + +/* +** Flush standard error output +*/ +fsync (fileno (stderr)); + +return; + +} +#endif diff --git a/apps/term_sock.h b/apps/term_sock.h new file mode 100644 index 000000000..4b445a964 --- /dev/null +++ b/apps/term_sock.h @@ -0,0 +1,21 @@ +#ifndef TERM_SOCK_H +#define TERM_SOCK_H + +/* +** Terminal Socket Function Codes +*/ +#define TERM_SOCK_CREATE 1 +#define TERM_SOCK_DELETE 2 + +/* +** Terminal Socket Status Codes +*/ +#define TERM_SOCK_FAILURE 0 +#define TERM_SOCK_SUCCESS 1 + +/* +** Terminal Socket Prototype +*/ +int TerminalSocket (int FunctionCode, int *ReturnSocket); + +#endif diff --git a/cpq-axpvms-ssl-t0100--1.pcsi$desc b/cpq-axpvms-ssl-t0100--1.pcsi$desc new file mode 100644 index 000000000..eff2475a6 --- /dev/null +++ b/cpq-axpvms-ssl-t0100--1.pcsi$desc 
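Review bot: TerminalDeviceAst re-queues the terminal read with `sizeof (TerminalDeviceBuff) - 1` (256 bytes) whereas the initial read in TerminalSocket uses `sizeof (TerminalDeviceBuff) - 2`; a full 256-byte read then stores the terminator at index 256 and `strcat` writes '\n' at 256 and '\0' at 257, one byte past the 257-byte array, so the re-queue should also pass `sizeof (TerminalDeviceBuff) - 2`. TerminalDeviceAst also never looks at `TerminalDeviceIosb.iosb$w_status`, so a cancelled or failed read (as produced by the sys$cancel in TERM_SOCK_DELETE) still pushes bytes down the pair and queues another read on the channel being torn down; return early when the status is not successful. Separately, CreateSocketPair listens on an ephemeral 127.0.0.1 port and accepts whoever connects first without confirming that the accepted peer is SockDesc2, so another local process connecting in the window before our connect() becomes the program's stdin; after sys$synch, compare the accepted connection's peer address (getpeername on the new descriptor) with `getsockname(SockDesc2, ...)` and fail if they differ. Finally, TERM_SOCK_DELETE closes TerminalSocketPair but never resets the entries to 0, so a later CREATE whose CreateSocketPair fails closes those stale descriptor numbers again, which by then may belong to the TLS connection; zero both entries after closing them.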
@@ -0,0 +1,259 @@ +-- +-- CPQ-AXPVMS-SSL-T0100--1.PCSI$DESCRIPTION +-- +-- KSG00141 Kevin Greaney 21-Jun-2001 +-- Using the ENCRYPT file as a template, create a +-- .PCSI$DESCRIPTION file for the OpenSSL port. +-- +-- +-- First, make sure we are running on correct operating system. +-- +product CPQ AXPVMS SSL T1.0 full ; + if (not ) ; + error NOAXPVMS; + end if; + +-- +-- Now, perform the installation. +-- +-- +-- Define the SSL root logical name. This is done by +-- SSL$PCSI.COM. It defines SSL$ROOT to be the +-- equivalence name of the PCSI$DESTINATION logical when +-- installing, and deassigns the logical when removing. + + execute + install "@pcsi$destination:[ssl.com]ssl$pcsi.com install" + remove "@pcsi$destination:[ssl.com]ssl$pcsi.com remove"; + +-- +-- SSL$STARTUP.COM defines a handfull of logicals and +-- then executes SSL$SYSTARTUP.COM. +-- +-- SSL$SHUTDOWN deassigns the logicals defined in the +-- startup file and then executes SSL$SYSHUTDOWN.COM +-- +-- Note : If this kit is installed to a disk other than +-- the system disk, these two files will not end +-- up on the system disk. They will have to be +-- moved over manually. + + execute + start "@sys$startup:ssl$startup.com" + stop "@sys$startup:ssl$shutdown.com"; + +-- +-- Now, perform the testing, if it was requested. +-- +-- Find out if the IVP should be run ... +-- Note : If the user specified /NOTEST on the command +-- line, the user will still be asked about running +-- the IVP, but no matter what they answer, the IVP +-- will NOT be run. This is because /NOTEST +-- overrides the option here. + + option run_ivp default yes; + execute test "@pcsi$destination:[systest]ssl$ivp.com/output=pcsi$destination:[systest]ssl$ivp.log"; + end option; +-- + information POST_INSTALL phase after with helptext; + information RELEASE_NOTES phase after ; + information START_INSTRUCTION phase after ; +-- information REINSTALL_PROBLEM phase after ; + +-- +-- And finally, define where all the files should be placed. 
+-- + directory [ssl] ; + file [ssl.com]ssl$pcsi.com protection private; +-- + file [syshlp]ssl010.release_notes release notes; + + if () ; + directory [ssl.alpha_exe] ; + + file [ssl.alpha_exe]ca.com ; + file [ssl.alpha_exe]openssl.exe ; + file [ssl.alpha_exe]ssl_task.exe ; +-- + end if; + + if () ; + directory [ssl.vax_exe] ; + file [ssl.vax_exe]ca.com; +-- + directory [ssl.vax_lib] ; + + end if; + + file [syslib]ssl$libssl_shr.exe ; + file [syslib]ssl$libcrypto_shr.exe ; + + file [syslib]ssl$libssl_shr32.exe ; + file [syslib]ssl$libcrypto_shr32.exe ; + + file [ssl.alpha_exe]ssl$hostname.exe; + file [ssl.alpha_exe]ssl$hostaddr.exe; +-- + directory [ssl.conf] ; + + file [ssl]openssl.cnf ; + file [ssl]openssl-vms.cnf ; + +-- + directory [ssl.certs] ; +-- + directory [syshlp.examples.ssl] ; + + file [syshlp.examples.ssl]ssl$bio_cli.c ; + file [syshlp.examples.ssl]ssl$bio_serv.c ; + file [syshlp.examples.ssl]ssl$cli_sess_renego.c ; + file [syshlp.examples.ssl]ssl$cli_sess_renego_cli_ver.c ; + file [syshlp.examples.ssl]ssl$cli_sess_reuse.c ; + file [syshlp.examples.ssl]ssl$cli_sess_reuse_cli_ver.c ; + file [syshlp.examples.ssl]ssl$cli_verify_client.c ; + file [syshlp.examples.ssl]ssl$serv_sess_renego.c ; + file [syshlp.examples.ssl]ssl$serv_sess_renego_cli_ver.c ; + file [syshlp.examples.ssl]ssl$serv_sess_reuse.c ; + file [syshlp.examples.ssl]ssl$serv_sess_reuse_cli_ver.c ; + file [syshlp.examples.ssl]ssl$serv_verify_client.c ; + file [syshlp.examples.ssl]ssl$simple_cli.c ; + file [syshlp.examples.ssl]ssl$simple_serv.c ; + file [syshlp.examples.ssl]ssl$examples_setup.com ; + +-- + directory [ssl.include] ; +-- + file [ssl.include]asn1.h ; + file [ssl.include]asn1_mac.h; + file [ssl.include]bio.h; + file [ssl.include]blowfish.h; + file [ssl.include]bn.h; + file [ssl.include]buffer.h; + file [ssl.include]cast.h; + file [ssl.include]comp.h; + file [ssl.include]conf.h; + file [ssl.include]conf_api.h; + file [ssl.include]crypto.h; + file [ssl.include]des.h; + file 
[ssl.include]dh.h; + file [ssl.include]dsa.h; + file [ssl.include]dso.h; + file [ssl.include]ebcdic.h; + file [ssl.include]engine.h; + file [ssl.include]err.h; + file [ssl.include]evp.h; + file [ssl.include]e_os.h; + file [ssl.include]e_os2.h; + file [ssl.include]hmac.h; + file [ssl.include]idea.h; + file [ssl.include]lhash.h; + file [ssl.include]md2.h; + file [ssl.include]md4.h; + file [ssl.include]md5.h; + file [ssl.include]mdc2.h; + file [ssl.include]objects.h; + file [ssl.include]obj_mac.h; + file [ssl.include]opensslconf.h; + file [ssl.include]opensslv.h; + file [ssl.include]pem.h; + file [ssl.include]pem2.h; + file [ssl.include]pkcs12.h; + file [ssl.include]pkcs7.h; + file [ssl.include]rand.h; + file [ssl.include]rc2.h; + file [ssl.include]rc4.h; + file [ssl.include]rc5.h; + file [ssl.include]ripemd.h; + file [ssl.include]rsa.h; + file [ssl.include]safestack.h; + file [ssl.include]sha.h; + file [ssl.include]ssl.h; + file [ssl.include]ssl2.h; + file [ssl.include]ssl23.h; + file [ssl.include]ssl3.h; + file [ssl.include]stack.h; + file [ssl.include]symhacks.h; + file [ssl.include]tls1.h; + file [ssl.include]tmdiff.h; + file [ssl.include]txt_db.h; + file [ssl.include]x509.h; + file [ssl.include]x509v3.h; + file [ssl.include]x509_vfy.h; +-- + directory [ssl.lib] ; +-- + directory [ssl.private] ; + + file [ssl.private]randfile.; +-- + directory [ssl.test] ; + + file [ssl.test]tcrl.com; + file [ssl.test]testca.com; + file [ssl.test]testenc.com; + file [ssl.test]testgen.com; + file [ssl.test]testss.com; + file [ssl.test]testssl.com; + file [ssl.test]tests_share.com; + file [ssl.test]tpkcs7.com; + file [ssl.test]tpkcs7d.com; + file [ssl.test]treq.com; + file [ssl.test]trsa.com; + file [ssl.test]tsid.com; + file [ssl.test]tverify.com; + file [ssl.test]tx509.com; +-- + file [ssl.test]bftest.exe; + file [ssl.test]bntest.exe; + file [ssl.test]casttest.exe; + file [ssl.test]destest.exe; + file [ssl.test]dhtest.exe; + file [ssl.test]dsatest.exe; + file 
[ssl.test]exptest.exe; + file [ssl.test]hmactest.exe; + file [ssl.test]ideatest.exe; + file [ssl.test]md2test.exe; + file [ssl.test]md4test.exe; + file [ssl.test]md5test.exe; + file [ssl.test]mdc2test.exe; + file [ssl.test]randtest.exe; + file [ssl.test]rc2test.exe; + file [ssl.test]rc4test.exe; + file [ssl.test]rc5test.exe; + file [ssl.test]rmdtest.exe; + file [ssl.test]rsa_test.exe; + file [ssl.test]sha1test.exe; + file [ssl.test]shatest.exe; + file [ssl.test]ssltest.exe; +-- + file [systest]ssl$ivp.com; +-- + directory [ssl.com] ; + + file [sys$startup]ssl$startup.com; + file [sys$startup]ssl$shutdown.com; + + file [ssl.com]ssl$systartup.com; + file [ssl.com]ssl$syshutdown.com; + file [ssl.com]ssl$utils.com; +-- + file [ssl.com]ssl$auth_cert.com; + file [ssl.com]ssl$auto_cert.com; + file [ssl.com]ssl$cert_tool.com; + file [ssl.com]ssl$conf_util.com; + file [ssl.com]ssl$draw_box.com; + file [ssl.com]ssl$exit_cmd.tpu; + file [ssl.com]ssl$fill_box.com; + file [ssl.com]ssl$hash_cert.com; + file [ssl.com]ssl$init_env.com; + file [ssl.com]ssl$init_term.com; + file [ssl.com]ssl$pick_file.com; + file [ssl.com]ssl$rem_env.com; + file [ssl.com]ssl$rqst_cert.com; + file [ssl.com]ssl$self_cert.com; + file [ssl.com]ssl$show_file.com; + file [ssl.com]ssl$sign_cert.com; + file [ssl.com]ssl$view_cert.com; +-- +end product ; diff --git a/cpq-axpvms-ssl-t0100--1.pcsi$text b/cpq-axpvms-ssl-t0100--1.pcsi$text new file mode 100644 index 000000000..3bee61801 --- /dev/null +++ b/cpq-axpvms-ssl-t0100--1.pcsi$text 
@@ -0,0 +1,82 @@ +=product CPQ AXPVMS SSL T1.0 full +1 'PRODUCT +=prompt SSL for OpenVMS Alpha T1.0 (Based on OpenSSL 0.9.6B). +SSL for OpenVMS provides a toolkit that implements SSL V2/V3, TLS V1, +and a general purpose cryptography library. + +1 'PRODUCER + +1 'NOTICE +=prompt (c) Compaq Computer Corporation 2002. All rights reserved. + +COMPAQ Registered in U.S. Patent and Trademark Office. + +Confidential computer software. Valid license from Compaq or +authorized sublicensor required for possession, use or copying. +Consistent with FAR 12.211 and 12.212, Commercial Computer Software, +Computer Software Documentation, and Technical Data for Commercial +Items are licensed to the U.S. Government under vendor's standard +commercial license. + +This software is installable on OpenVMS processors using the POLYCENTER +Software Installation utility. + +IMPORTANT LEGAL NOTICE: + + Exports of this product are subject to U.S. Export Administration + Regulations pertaining to encryption items and may require that + individual export authorization be obtained from the U.S. + Department of Commerce. + +1 START_INSTRUCTION +=prompt @SYS$STARTUP:SSL$STARTUP.COM should be run at system startup. +Once the installation is complete, adding the following line to +SYS$MANAGER:SYSTARTUP_VMS.COM will define the SSL$ logicals +in the SYSTEM logical name table: + + $ @SYS$STARTUP:SSL$STARTUP.COM "/SYSTEM" + +It is also possible to have the logicals placed in other logical +name tables - EXEC,USER, etc - by replacing the SYSTEM parameter +above with the alternate table name. + + +1 RELEASE_NOTES +=prompt Refer to SYS$HELP:SSL010.RELEASE_NOTES for more information. +The SSL product release notes contain up to date information regarding +bug fixes, known problems, and general installation information. + +1 RUN_IVP +=prompt Run the installation verification procedure (IVP)? +This option determines if the installation verification +procedure will be run as part of the installation. 
The procedure +should take few minutes to run, depending on the processor +speed. If it is not run during the installation, then it +should be run as part of the post installation procedure. + +1 POST_INSTALL +=prompt There are post installation activities that need to be performed. +This includes things like defining logical names and running SSL$UTIL.COM +to define some foreign symbols, and running the IVP if it was not done +as part of the installation. Refer the to Release Notes for more +information about activities that should be performed once the installation +has finished. + +SSL has created the following directory structure in +PCSI$DESTINATION, which defaults to SYS$SYSDEVICE:[VMS$COMMON]: + + [SSL] - + [SSL.ALPHA_EXE] - Contains the images for the Alpha platform. + [SSL.ALPHA_LIB] - Contains the .OLBs for the Alpha platform. + [SSL.CERTS] - Directory to hold certificates + [SSL.COM] - Directory to hold the various command procedures. + [SSL.CONF] - Contains the configuration files. + [SSL.INCLUDE] - Contains the C Header (.H) files. + [SSL.PRIVATE] - Files specifically for SSL use such as RANDFILE. + [SSL.TEST] - Contains the files used during the IVP. + + +1 NOAXPVMS +=prompt Minimum OpenVMS Alpha software not found on system, abort installation +This kit requires a minimum OpenVMS Alpha version of V7.2. + diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index dcaef68ea..684b38db3 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -86,6 +86,17 @@ static int wsa_init_done=0; static unsigned long BIO_ghbn_hits=0L; static unsigned long BIO_ghbn_miss=0L; +/* For 64-bit API */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef char ** char_32pp; +typedef char * char_32p; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif + #define GHBN_NUM 4 static struct ghbn_cache_st { 
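Review bot: The `char_32pp`/`char_32p` typedefs and the surrounding `__required_pointer_size` pragmas are added to b_sock.c with no `OPENSSL_SYS_VMS` guard, whereas the equivalent blocks in the bio.h and bss_sock.c hunks of this same commit are wrapped in `#ifdef OPENSSL_SYS_VMS`. The `#if __INITIAL_POINTER_SIZE == 64` tests only stay harmless on other platforms because an undefined macro evaluates to 0 in `#if`. For consistency, and to keep the VMS-only names out of the portable build, wrap the whole block in `#ifdef OPENSSL_SYS_VMS` … `#endif` as the header does.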
@@ -282,18 +293,34 @@ static struct hostent *ghbn_dup(struct hostent *a) for (i=0; a->h_aliases[i] != NULL; i++) ; i++; +#ifdef OPENSSL_SYS_VMS + ret->h_aliases = (char_32pp)_malloc32(i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */ +#else ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *)); +#endif if (ret->h_aliases == NULL) goto err; +#ifdef OPENSSL_SYS_VMS + _memset32(ret->h_aliases, 0, i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */ +#else memset(ret->h_aliases, 0, i*sizeof(char *)); +#endif for (i=0; a->h_addr_list[i] != NULL; i++) ; i++; +#ifdf OPENSSL_SYS_VMS + ret->h_addr_list=(char_32pp)_malloc32(i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */ +#else ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *)); +#endif if (ret->h_addr_list == NULL) goto err; +#ifdef OPENSSL_SYS_VMS + _memset32(ret->h_addr_list, 0, i*sizeof(char_32p)); /* changed for both 32-bit & 64-bit */ +#else memset(ret->h_addr_list, 0, i*sizeof(char *)); +#endif j=strlen(a->h_name)+1; if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err; @@ -301,15 +328,24 @@ static struct hostent *ghbn_dup(struct hostent *a) for (i=0; a->h_aliases[i] != NULL; i++) { j=strlen(a->h_aliases[i])+1; +#ifdef OPENSSL_SYS_VMS + if ((ret->h_aliases[i]=(char_32p)_malloc32(j)) == NULL) goto err; /* changed for both 32-bit & 64-bit */ +#else if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err; +#endif memcpy(ret->h_aliases[i],a->h_aliases[i],j); } ret->h_length=a->h_length; ret->h_addrtype=a->h_addrtype; for (i=0; a->h_addr_list[i] != NULL; i++) { +#ifdef OPENSSL_SYS_VMS + if ((ret->h_addr_list[i]=(char_32p)_malloc32(a->h_length)) == NULL) /* changed for both 32-bit & 64-bit */ + goto err; +#else if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL) goto err; +#endif memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length); } if (0) 
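Review bot: `#ifdf OPENSSL_SYS_VMS` above the `h_addr_list` allocation is a misspelled directive; it is not `#ifdef`, so the preprocessor rejects it on every platform and b_sock.c no longer compiles at all. Change it to `#ifdef OPENSSL_SYS_VMS`. As far as these two hunks and the ghbn_free hunk show, the allocator pairing is otherwise consistent (`_malloc32` with `free`, `OPENSSL_malloc` for `h_name` with `OPENSSL_free`), so this typo is the one blocker visible in ghbn_dup; the function's error path continues outside the hunk.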
@@ -332,15 +368,27 @@ static void ghbn_free(struct hostent *a) if (a->h_aliases != NULL) { +#ifdef OPENSSL_SYS_VMS + for (i=0; a->h_aliases[i] != NULL; i++) + free(a->h_aliases[i]); + free(a->h_aliases); +#else for (i=0; a->h_aliases[i] != NULL; i++) OPENSSL_free(a->h_aliases[i]); OPENSSL_free(a->h_aliases); +#endif } if (a->h_addr_list != NULL) { +#ifdef OPENSSL_SYS_VMS + for (i=0; a->h_addr_list[i] != NULL; i++) + free(a->h_addr_list[i]); + free(a->h_addr_list); +#else for (i=0; a->h_addr_list[i] != NULL; i++) OPENSSL_free(a->h_addr_list[i]); OPENSSL_free(a->h_addr_list); +#endif } if (a->h_name != NULL) OPENSSL_free(a->h_name); OPENSSL_free(a); @@ -480,7 +528,7 @@ void BIO_sock_cleanup(void) #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) +int BIO_socket_ioctl(int fd, long type, UINT_L32p arg) /* changed for 64-bit API */ { int i; diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index b122c7069..8eeb70322 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -573,6 +573,20 @@ int BIO_dump(BIO *b,const char *bytes,int len); int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); struct hostent *BIO_gethostbyname(const char *name); + +#ifdef OPENSSL_SYS_VMS +/* For 64-bit API */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef unsigned long * UINT_L32p; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif +#endif +/* OPENSSL_SYS_VMS */ + /* We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, * struct hostent *result, void *buffer, size_t buflen); 
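Review bot: The new definition `int BIO_socket_ioctl(int fd, long type, UINT_L32p arg)` replaces the portable signature unconditionally, but `UINT_L32p` is typedef'd only inside `#ifdef OPENSSL_SYS_VMS` in the bio.h hunk that follows, and that header still declares the `unsigned long *arg` form for every other platform, so a non-VMS build meets an unknown type here and a prototype mismatch. Mirror the header: wrap the new line in `#ifdef OPENSSL_SYS_VMS` and keep the original `int BIO_socket_ioctl(int fd, long type, unsigned long *arg)` in the `#else` branch. The body of BIO_socket_ioctl lies outside the hunk, so whether it dereferences `arg` in a way that also depends on the pointer size could not be checked.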
@@ -581,8 +595,13 @@ struct hostent *BIO_gethostbyname(const char *name); * substructures; if the buffer does not suffice, NULL is returned * and an appropriate error code is set). */ + int BIO_sock_error(int sock); +#ifdef OPENSSL_SYS_VMS +int BIO_socket_ioctl(int fd, long type, UINT_L32p arg); +#else int BIO_socket_ioctl(int fd, long type, unsigned long *arg); +#endif int BIO_socket_nbio(int fd,int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index f91ae4c8c..20faee2f3 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -75,6 +75,9 @@ #undef FIONBIO #endif +#if(defined(OPENSSL_SYS_VMS)) +#include +#endif typedef struct bio_connect_st { @@ -98,6 +101,13 @@ typedef struct bio_connect_st int (*info_callback)(const BIO *bio,int state,int ret); } BIO_CONNECT; +struct iosb /* i/o status block */ + { + unsigned short status; /* i/o completion status */ + unsigned short bytcnt; /* bytes transferred if read/write */ + void *details; /* address of buffer or parameter */ + }; + static int conn_write(BIO *h, const char *buf, int num); static int conn_read(BIO *h, char *buf, int size); static int conn_puts(BIO *h, const char *str); 
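Review bot: The private `struct iosb` introduced in bss_conn.c has a `void *details` member, so its size follows whatever pointer size the compilation unit is built with rather than being the fixed quadword the I/O system writes; the term_sock.c hunk in this same commit instead uses the system status block through `iosb$w_status`/`iosb$w_bcnt`. Prefer that system type (`IOSB` from the starlet headers), or at least make the third field a 32-bit integer, and say what the fields are: `/* VMS I/O status block: 16-bit status, 16-bit byte count, 32-bit device-specific info */`.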
@@ -404,33 +414,69 @@ static int conn_read(BIO *b, char *out, int outl) int ret=0; BIO_CONNECT *data; +#ifdef OPENSSL_SYS_VMS + int sts; + struct iosb *iosb; + + iosb = malloc(sizeof(iosb)); +#endif + data=(BIO_CONNECT *)b->ptr; if (data->state != BIO_CONN_S_OK) { ret=conn_state(b,data); if (ret <= 0) - return(ret); + return(ret); } if (out != NULL) { clear_socket_error(); + +#ifndef OPENSSL_SYS_VMS ret=readsocket(b->num,out,outl); +#else + sts = SYS$QIOW( + 0, + decc$get_sdc(b->num), + IO$_READVBLK, + iosb, + 0, + 0, + out, + outl, + 0,0,0,0); +#endif BIO_clear_retry_flags(b); - if (ret <= 0) - { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_read(b); - } - } + +#ifdef OPENSSL_SYS_VMS + if (sts != 1 || iosb->status != 1) /* SYS$QIOW failed */ + { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_read(b); + } + else + ret = outl; + + free(iosb); +#endif + } + return(ret); } static int conn_write(BIO *b, const char *in, int inl) { - int ret; + int ret = 0; BIO_CONNECT *data; +#ifdef OPENSSL_SYS_VMS + int sts; + struct iosb *iosb; + + iosb = malloc(sizeof(iosb)); +#endif + data=(BIO_CONNECT *)b->ptr; if (data->state != BIO_CONN_S_OK) { @@ -439,13 +485,34 @@ static int conn_write(BIO *b, const char *in, int inl) } clear_socket_error(); + +#ifndef OPENSSL_SYS_VMS ret=writesocket(b->num,in,inl); - BIO_clear_retry_flags(b); - if (ret <= 0) - { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_write(b); - } +#else + sts = SYS$QIOW( + 0, + decc$get_sdc(b->num), + IO$_WRITEVBLK, + iosb, + 0, + 0, + in, + inl, + 0,0,0,0); +#endif + BIO_clear_retry_flags(b); + +#ifdef OPENSSL_SYS_VMS + if (sts != 1 || iosb->status != 1) /* SYS$QIO failed */ + { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_read(b); + } + else + ret = inl; + + free(iosb); +#endif return(ret); } diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index a39d95297..85733c4f3 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c 
@@ -75,6 +75,7 @@ # include # include # include +# include #elif defined(__ultrix) # include #elif !defined(MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) /* Unix */ @@ -326,13 +327,30 @@ static void xopenlog(BIO* bp, char* name, int level) static void xsyslog(BIO *bp, int priority, const char *string) { struct dsc$descriptor_s opc_dsc; - struct opcdef *opcdef_p; - char buf[10240]; + + +/* For 64-bit API */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif + struct opcdef *opcdef_p; + typedef char * char_32p; + typedef struct opcdef * OPCDEF_TYPE_P; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif + + char_32p buf; + const int bufsize = 10240; + unsigned int len; struct dsc$descriptor_s buf_dsc; $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); char *priority_tag; + buf = (char_32p)_malloc32(bufsize); + switch (priority) { case LOG_EMERG: priority_tag = "Emergency"; break; @@ -353,7 +371,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); + opcdef_p = (OPCDEF_TYPE_P) OPENSSL_malloc(8 + len); opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); opcdef_p->opc$l_ms_rqstid = 0; @@ -361,12 +379,13 @@ static void xsyslog(BIO *bp, int priority, const char *string) opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; + opc_dsc.dsc$a_pointer = (char_32p)opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); OPENSSL_free(opcdef_p); + free(buf); } static void xcloselog(BIO* bp) diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index fdabd16d7..80e845e87 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c 
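Review bot: `buf = (char_32p)_malloc32(bufsize);` in xsyslog is not checked before `buf` is handed to `lib$sys_fao` through `buf_dsc`, so an allocation failure becomes a write through a null pointer; since xsyslog is `void`, `if (buf == NULL) return;` directly after the allocation is enough. The pre-existing `OPENSSL_malloc(8 + len)` for `opcdef_p` has the same gap and, now that `buf` is heap memory, its failure path also needs `free(buf)`. The initialisation of `buf_dsc` is outside the hunk; if it still uses `sizeof(buf)` for the descriptor length, that is now the size of a pointer rather than 10240 and must change to `bufsize`.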
@@ -64,6 +64,20 @@ #include "cryptlib.h" #include +#ifdef OPENSSL_SYS_VMS +/* For 64-bit API */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef char * char_32p; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif + +#endif + + static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); static int sock_puts(BIO *h, const char *str); @@ -129,10 +143,43 @@ static int sock_read(BIO *b, char *out, int outl) { int ret=0; +#ifdef OPENSSL_SYS_VMS +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 + + char_32p out32; + + out32 = (char_32p)_malloc32(outl*sizeof(char_32p)); /* changed for 64-bit */ + _memset32(out32, 0, outl*sizeof(char_32p)); /* changed for 64-bit */ + memcpy(out32,out,outl); /* changed for 64-bit */ + +#pragma __required_pointer_size __restore +#endif +#endif + +#ifdef OPENSSL_SYS_VMS +# if __INITIAL_POINTER_SIZE == 64 + if (out32 != NULL) +# else if (out != NULL) +# endif +#else + if (out != NULL) +#endif { clear_socket_error(); +#ifdef OPENSSL_SYS_VMS +# if __INITIAL_POINTER_SIZE == 64 + ret=readsocket(b->num,out32,outl); + memcpy(out,out32,outl); + free(out32); +# else ret=readsocket(b->num,out,outl); +# endif +#else + ret=readsocket(b->num,out,outl); +#endif BIO_clear_retry_flags(b); if (ret <= 0) { 
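Review bot: In the 64-bit VMS path of sock_read the bounce buffer is used before the new `if (out32 != NULL)` test: `_malloc32` is unchecked, and `memcpy(out32,out,outl)` copies the caller's buffer into it (dereferencing `out` even when it is NULL, which the original `if (out != NULL)` guarded against) although the data flows the other way on a read; the allocation is also sized `outl*sizeof(char_32p)` where only `outl` bytes are needed. The sock_write hunk that follows (`@@ -146`) has the same oversized and unchecked `_malloc32(inl*sizeof(char_32p))`. The fence keeps the `out != NULL` guard ahead of any use of `out`, allocates and checks `outl` bytes, and copies back only the bytes actually read; sock_write needs the mirror image with `in32` sized `inl`.
```c
static int sock_read(BIO *b, char *out, int outl)
	{
	int ret=0;
#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
	char_32p out32;
#endif

	if (out != NULL)	/* guard kept ahead of any use of out */
		{
		clear_socket_error();
#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
		/* 32-bit bounce buffer: outl bytes, not outl pointers */
		if ((out32 = (char_32p)_malloc32(outl)) == NULL)
			return -1;
		ret=readsocket(b->num,out32,outl);
		if (ret > 0)
			memcpy(out,out32,ret);
		free(out32);
#else
		ret=readsocket(b->num,out,outl);
#endif
		BIO_clear_retry_flags(b);
		/* … unchanged: ret <= 0 retry handling … */
```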
@@ -146,9 +193,34 @@ static int sock_read(BIO *b, char *out, int outl) static int sock_write(BIO *b, const char *in, int inl) { int ret; - + +#ifdef OPENSSL_SYS_VMS +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 + + char_32p in32; + + in32 = (char_32p)_malloc32(inl*sizeof(char_32p)); /* changed for 64-bit */ + _memset32(in32, 0, inl*sizeof(char_32p)); /* changed for 64-bit */ + memcpy(in32,in,inl); /* changed for 64-bit */ + +#pragma __required_pointer_size __restore +#endif +#endif + clear_socket_error(); - ret=writesocket(b->num,in,inl); + +#ifdef OPENSSL_SYS_VMS +# if __INITIAL_POINTER_SIZE == 64 + ret=writesocket(b->num,in32,inl); + free(in32); +# else + ret=writesocket(b->num,in,inl); +# endif +#else + ret=writesocket(b->num,in,inl); +#endif BIO_clear_retry_flags(b); if (ret <= 0) { diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 31f276624..696fbeb61 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -579,7 +579,14 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) q='}'; else if (*s == '(') q=')'; - else q=0; +#ifdef OPENSSL_SYS_VMS + else{ + buf->data[to++]= *(from++); + continue; + } +#else + else q=0; +#endif if (q) s++; cp=section; diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index ca0247be0..661c3f520 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -49,6 +49,7 @@ $! P5, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX +$! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) 
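Review bot: The VMS branch in str_copy changes what `$` means in a configuration file without saying so: a `$` not followed by `{` or `(` is now copied literally instead of opening a `$name` reference, presumably so VMS names such as `SSL$ROOT` survive, while `${name}` and `$(name)` still expand. Record that above the `#ifdef OPENSSL_SYS_VMS`, e.g. `/* VMS: a bare $ is part of names like SSL$ROOT, so only ${name} and $(name) are expanded here */`. Whether `buf->data[to++]` is guaranteed room for the extra byte at this point is not visible, since str_copy's loop head and buffer growth are outside the hunk.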
@@ -58,6 +59,11 @@ $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! $! +$! Define USER_CCFLAGS +$! +$ @[-]vms_build_info.com +$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS +$! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! @@ -123,6 +129,23 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! +$! Define The LIS Directory. +$! +$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.CRYPTO] +$! +$! Check To See If The Architecture Specific LIS Directory Exists. +$! +$ IF (F$PARSE(LIS_DIR).EQS."") +$ THEN +$! +$! It Dosen't Exist, So Create It. +$! +$ CREATE/DIR 'LIS_DIR' +$! +$! End The Architecture Specific LIS Directory Check. +$! +$ ENDIF +$! $! Define The EXE Directory. $! $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] @@ -142,15 +165,15 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB +$ LIB_NAME := 'EXE_DIR'LIBCRYPTO'build_bits'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB +$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO'build_bits'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB +$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'build_bits'.OLB $! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! @@ -228,7 +251,7 @@ $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - "rand_vms" -$ LIB_ERR = "err,err_all,err_prn" +$ LIB_ERR = "err,err_all,err_prn,progname" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - "e_des,e_bf,e_idea,e_des3,"+ - 
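Review bot: `'build_bits'` is substituted into the library names in the `@@ -142` hunk (`LIBCRYPTO'build_bits'.OLB`, `LIBRSAGLUE'build_bits'.OLB`) but nothing in this file defines it; it presumably comes from the `@[-]vms_build_info.com` call added in the `@@ -58` hunk. DCL substitutes an undefined symbol as an empty string without complaint, so if that procedure is missing or fails the 32- and 64-bit libraries silently share one name. A guard after the call makes the dependency explicit: `$ IF F$TYPE(build_bits) .EQS. "" THEN WRITE SYS$OUTPUT "build_bits not defined by vms_build_info.com"` followed by `$ IF F$TYPE(build_bits) .EQS. "" THEN EXIT`.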
@@ -282,7 +305,7 @@ $! $! Setup exceptional compilations $! $ COMPILEWITH_CC3 = ",bss_rtcp," -$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," +$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,read_pwd," $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," $! @@ -297,10 +320,10 @@ $! $ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") $ THEN $! -$! Tell The User That The File Doesn't Exist. +$! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File [-.RSAREF]RSAREF.C Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. @@ -332,10 +355,10 @@ $! $ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") $ THEN $! -$! Tell The User That The File Doesn't Exist. +$! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File [-.RSAREF]RSAR_ERR.C Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. @@ -538,6 +561,10 @@ $ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME $ ENDIF $ SOURCE_FILE = SOURCE_FILE - "][" $! +$! Create The Listing File Name. +$! +$ LIST_FILE = LIS_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".LIS" +$! $! Create The Object File Name. $! $ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ" @@ -548,10 +575,10 @@ $! $ IF (F$SEARCH(SOURCE_FILE).EQS."") $ THEN $! -$! Tell The User That The File Doesn't Exist. +$! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File ",SOURCE_FILE," Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. 
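Review bot: The message edits in the `@@ -297`, `@@ -332` and `@@ -548` hunks replace the correctly spelled "Doesn't" with "Dosen't", in both the comments and the `WRITE SYS$OUTPUT` text, and the `@@ -935` hunk further down does the same to "doesn't"; the new LIS-directory comments carry the same misspelling. Keep the original spelling, e.g. `$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File [-.RSAREF]RSAREF.C Doesn't Exist."`. The hex status handed to `F$MESSAGE` is unexplained; a one-line `$!` comment naming the condition it stands for would spare the next reader a lookup.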
@@ -579,21 +606,21 @@ $ ON ERROR THEN GOTO NEXT_FILE $ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) $ IF FILE_NAME - ".mar" .NES. FILE_NAME $ THEN -$ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ MACRO/OBJECT='OBJECT_FILE'/LIST='LIST_FILE' 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 $ THEN -$ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC3/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 $ THEN -$ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC4/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ELSE $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 $ THEN -$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC5/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ELSE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ENDIF $ ENDIF $ ENDIF @@ -651,9 +678,10 @@ $! $! Link With The RSAREF Library And A Specific TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - 'OBJ_DIR''APPLICATION_OBJECTS', - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'TCPIP_LIB','OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! @@ -662,9 +690,10 @@ $! $! Link With The RSAREF Library And NO TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - 'OBJ_DIR''APPLICATION_OBJECTS', - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! End The TCP/IP Library Check. $! 
@@ -685,9 +714,10 @@ $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - 'OBJ_DIR''APPLICATION_OBJECTS', - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'TCPIP_LIB','OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! @@ -696,9 +726,10 @@ $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + /MAP='LIS_DIR''APPLICATION'.MAP /FULL/CROSS - 'OBJ_DIR''APPLICATION_OBJECTS',- 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! End The TCP/IP Library Check. $! @@ -935,7 +966,7 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." $ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the" +$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" $ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" $ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" $ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." @@ -1188,7 +1219,7 @@ $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - + "/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + - CCEXTRAFLAGS $! 
@@ -1222,7 +1253,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS @@ -1254,7 +1285,7 @@ $ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." $! $! Use GNU C... $! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - CCEXTRAFLAGS $! @@ -1358,7 +1389,7 @@ $ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" +$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -1407,6 +1438,32 @@ $! Done with UCX $! $ ENDIF $! +$! Check to see if TCPIP was chosen +$! +$ IF P5.EQS."TCPIP" +$ THEN +$! +$! Set the library to use TCPIP (post UCX). +$! +$ TCPIP_LIB = "[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$! +$! Done with TCPIP +$! +$ ENDIF +$! +$! Check to see if NONE was chosen +$! +$ IF P5.EQS."NONE" +$ THEN +$! +$! Do not use a TCPIP library. +$! +$ TCPIP_LIB = "" +$! +$! Done with TCPIP +$! +$ ENDIF +$! $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB @@ -1422,6 +1479,7 @@ $ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." +$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. 
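Review bot: The usage text in the `@@ -1422,6 +1479,7 @@` hunk gains a `TCPIP` entry but not the `NONE` value that the `@@ -1358` and `@@ -1407` hunks now accept, so a user who reaches this message cannot learn that linking without a TCP/IP library is an option. Add `$ WRITE SYS$OUTPUT "    NONE      :  To link without a TCP/IP library."` after the TCPIP line. In the `@@ -1407` hunk the closing comment of the NONE branch also reads `$! Done with TCPIP` and should say `$! Done with NONE`.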
diff --git a/crypto/des/des-lib.com b/crypto/des/des-lib.com index fc2c35a1c..dddc17761 100644 --- a/crypto/des/des-lib.com +++ b/crypto/des/des-lib.com @@ -40,6 +40,16 @@ $! $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! +$! Define USER_CCFLAGS +$! +$ write sys$output " " +$ write sys$output " Now running in DES-LIB.COM. " +$ write sys$output " " +$! +$ @[-]vms_build_info.com +$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS +$! +$! $! Make sure we know what architecture we run on. $! $! @@ -89,6 +99,23 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! +$! Define The LIS Directory Name. +$! +$ LIS_DIR := SYS$DISK:[--.'ARCH'.LIS.CRYPTO.DES] +$! +$! Check To See If The Architecture Specific LIS Directory Exists. +$! +$ IF (F$PARSE(LIS_DIR).EQS."") +$ THEN +$! +$! It Dosen't Exist, So Create It. +$! +$ CREATE/DIR 'LIS_DIR' +$! +$! End The Architecture Specific LIS Directory Check. +$! +$ ENDIF +$! $! Define The EXE Directory Name. $! $ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] @@ -108,7 +135,7 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBDES.OLB +$ LIB_NAME := 'EXE_DIR'LIBDES'build_bits'.OLB $! $! Check To See What We Are To Do. $! @@ -167,6 +194,12 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "des_enc,fcrypt_b,read2pwd,"+ - "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp" $! +$! Setup exceptional compilations +$! +$ COMPILEWITH_CC3 = "" +$ COMPILEWITH_CC4 = ",read_pwd," +$ COMPILEWITH_CC5 = "" +$! $! Define A File Counter And Set It To "0". $! $ FILE_COUNTER = 0 @@ -197,6 +230,10 @@ $ WRITE SYS$OUTPUT " ",FILE_NAME,".C" $! $! Create The Object File Name. $! +$ LIST_FILE = LIS_DIR + FILE_NAME + "." + ARCH + "LIS" +$! +$! Create The Object File Name. +$! $ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ" $ ON WARNING THEN GOTO NEXT_FILE $! 
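Review bot: The `@@ -197,6 +230,10 @@` hunk introduces `LIST_FILE` under a copy of the heading that follows it, so the procedure now reads `$! Create The Object File Name.` twice, once above the listing name and once above the object name. The first occurrence should read `$! Create The Listing File Name.`. The same `LIS_DIR + FILE_NAME + "." + ARCH + "LIS"` pattern is used for the object file directly below, so the comment is the only thing distinguishing the two assignments for a reader.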
@@ -222,7 +259,28 @@ $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) +$ IF FILE_NAME - ".mar" .NES. FILE_NAME +$ THEN +$ MACRO/OBJECT='OBJECT_FILE'/LIST='LIST_FILE' 'SOURCE_FILE' +$ ELSE +$ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 +$ THEN +$ CC3/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' +$ ELSE +$ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 +$ THEN +$ CC4/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' +$ ELSE +$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 +$ THEN +$ CC5/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' +$ ELSE +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' +$ ENDIF +$ ENDIF +$ ENDIF +$ ENDIF $! $! Add It To The Library. $! @@ -290,7 +348,9 @@ $! $! Link The DESTEST Program. $! $ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE - - 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION + /MAP='LIS_DIR'DESTEST.MAP /FULL/CROSS - + 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY, - + 'OPT_FILE'/OPTION, SYS$DISK:[--]SSL_IDENT.OPT/OPTION $! $! All Done, Time To Return. $! @@ -338,7 +398,9 @@ $! $! Link The SPEED Program. $! $ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE - - 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION + /MAP='LIS_DIR'SPEED.MAP /FULL/CROSS - + 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY, - + 'OPT_FILE'/OPTION, SYS$DISK:[--]SSL_IDENT.OPT/OPTION $! $! All Done, Time To Return. $! @@ -386,7 +448,9 @@ $! $! Link The RPW Program. $! $ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE - - 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION + /MAP='LIS_DIR'RPW.MAP /FULL/CROSS - + 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY, - + 'OPT_FILE'/OPTION, SYS$DISK:[--]SSL_IDENT.OPT/OPTION $! $! All Done, Time To Return. $! 
@@ -435,8 +499,10 @@ $! $! Link The DES Program. $! $ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE - + /MAP='LIS_DIR'DES.MAP /FULL/CROSS - 'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,- - 'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION + 'LIB_NAME'/LIBRARY, - + 'OPT_FILE'/OPTION, SYS$DISK:[--]SSL_IDENT.OPT/OPTION $! $! All Done, Time To Return. $! @@ -484,7 +550,9 @@ $! $! Link The DES_OPTS Program. $! $ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE - - 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION + /MAP='LIS_DIR'DES_OPTS.MAP /FULL/CROSS - + 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY, - + 'OPT_FILE'/OPTION, SYS$DISK:[--]SSL_IDENT.OPT/OPTION $! $! All Done, Time To Return. $! @@ -850,7 +918,7 @@ $ CCDEFS = "" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" +$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,DOLLARID" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS $! @@ -878,7 +946,7 @@ $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS + "/PREFIX=ALL" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! @@ -910,7 +978,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! $! Define As SYS$COMMON:[SYSLIB] @@ -940,7 +1008,7 @@ $ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." $! $! Use GNU C... $! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS +$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! 
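Review bot: The `@@ -850,7 +918,7 @@` hunk changes the default `CCDISABLEWARNINGS` from empty to `LONGLONGTYPE,LONGLONGSUFX,DOLLARID`, silencing three DEC C diagnostics for every DES build, and the surrounding `$!` comments do not say why. A short note above the line, e.g. `$! These DEC C diagnostics are expected here (long long usage and $ in identifiers from VMS system headers); do not re-enable without checking the build.`, would keep the next maintainer from assuming they were disabled to hide a real problem. Note also that a `USER_CCDISABLEWARNINGS` override still replaces the default rather than appending to it, so a user who supplies their own list silently loses these three; if that is intended, the comment should say so.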
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 1674619d1..130a3351b 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -77,6 +77,16 @@ DSO_METHOD *DSO_METHOD_vms(void) #else #pragma message disable DOLLARID +/* For 64-bit API */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef char * char_32p; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif + static int vms_load(DSO *dso); static int vms_unload(DSO *dso); static void *vms_bind_var(DSO *dso, const char *symname); @@ -205,11 +215,11 @@ static int vms_load(DSO *dso) p->filename_dsc.dsc$w_length = strlen(p->filename); p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->filename_dsc.dsc$a_pointer = p->filename; + p->filename_dsc.dsc$a_pointer = (char_32p)p->filename; /* changed for 64-bit API*/ p->imagename_dsc.dsc$w_length = strlen(p->imagename); p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->imagename_dsc.dsc$a_pointer = p->imagename; + p->imagename_dsc.dsc$a_pointer = (char_32p)p->imagename; /* changed for 64-bit API*/ if(!sk_push(dso->meth_data, (char *)p)) { @@ -291,7 +301,7 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) symname_dsc.dsc$w_length = strlen(symname); symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ + symname_dsc.dsc$a_pointer = (char_32p)symname; /* The cast is needed */ /* changed for 64-bit API*/ if((dso == NULL) || (symname == NULL)) { diff --git a/crypto/err/err.c b/crypto/err/err.c index 04773d65a..b8d6331e0 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c 
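Review bot: The `(char_32p)` casts added in the `@@ -205,11 +215,11 @@` hunk (and the `symname` cast in `@@ -291,7 +301,7 @@`) convert a possibly 64-bit pointer to a 32-bit descriptor pointer with no check, so in a 64-bit build a `p->filename`, `p->imagename` or caller-supplied `symname` that lives above the 32-bit boundary is silently truncated and the descriptor points at unrelated memory. The allocation of `p->filename`/`p->imagename` is outside the hunk; if it is a plain `malloc` or `OPENSSL_malloc`, it needs a 32-bit allocator (`_malloc32`, as `crypto/err/progname.c` in this commit does), and `symname` would have to be copied into 32-bit space before the cast rather than cast in place. At minimum the `/* changed for 64-bit API*/` comments should state this requirement, e.g. `/* descriptor pointers are 32-bit: the string must live in 32-bit address space */`. vms_load's body continues outside the hunk.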
@@ -122,6 +122,11 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str); static void ERR_STATE_free(ERR_STATE *s); + +#ifdef _VMS +void ExtractProgName (char *,char **); +#endif + #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ERR_str_libraries[]= { @@ -642,7 +647,11 @@ void ERR_put_error(int lib, int func, int reason, const char *file, if (es->top == es->bottom) es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; es->err_buffer[es->top]=ERR_PACK(lib,func,reason); +#ifdef _VMS + ExtractProgName ((char *)file, (char **)&es->err_file[es->top]); +#else es->err_file[es->top]=file; +#endif es->err_line[es->top]=line; err_clear_data(es,es->top); } diff --git a/crypto/err/progname.c b/crypto/err/progname.c new file mode 100644 index 000000000..7a0a785ed --- /dev/null +++ b/crypto/err/progname.c 
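Review bot: In the `@@ -642,7 +647,11 @@` hunk the VMS branch calls `ExtractProgName`, which allocates the returned name with `malloc` (see `crypto/err/progname.c` in this commit) and calls `exit()` on a `SYS$PARSE` failure; `es->err_file[es->top]` is later overwritten without being freed, so every `ERR_put_error` on VMS leaks one allocation, and a malformed `file` string can terminate the whole process from inside the error-reporting path. Either cache the result per `file` value (it is typically a `__FILE__` literal, so a small lookup table suffices) or free the previous `err_file` entry here before assigning. This hunk and the prototype hunk above test `#ifdef _VMS` while `progname.c` tests `VMS` and `rand_egd.c` in this same commit moves to `OPENSSL_SYS_VMS`; these should be one macro, or the prototype and the definition may be compiled under different conditions. The `(char *)file` cast drops `const` only because `ExtractProgName` is declared non-const; declaring its first parameter `const char *` removes the cast.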
@@ -0,0 +1,60 @@ +#ifdef VMS + +#pragma nostandard +#include +#include + +void +ExtractProgName + ( + char *ImageName, + char **ProgName + ) +{ +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __save +#pragma __required_pointer_size 32 +#endif +typedef char char_32; +char *TmpImageName; +#if __INITIAL_POINTER_SIZE == 64 +#pragma __required_pointer_size __restore +#endif +char esa[NAM$C_MAXRSS], + rsa[NAM$C_MAXRSS]; +struct FAB fab; +struct NAM nam; +int status; + +fab = cc$rms_fab; +nam = cc$rms_nam; + +#if __INITIAL_POINTER_SIZE == 64 +TmpImageName = (char_32 *)_malloc32 (strlen (ImageName) + 1); +#else +TmpImageName = (char *)malloc (strlen (ImageName) + 1); +#endif +strncpy (TmpImageName, ImageName, strlen (ImageName)); +fab.fab$l_fna = TmpImageName; +fab.fab$b_fns = strlen (ImageName); +fab.fab$l_nam = &nam; + +nam.nam$l_esa = esa; +nam.nam$b_ess = sizeof (esa); +nam.nam$l_rsa = rsa; +nam.nam$b_rss = sizeof (rsa); +nam.nam$v_synchk = 1; + +status = SYS$PARSE (&fab); +if (! (status & 1)) + exit (status); + +*ProgName = (char *)malloc (nam.nam$b_name + 1); +strncpy (*ProgName, nam.nam$l_name, nam.nam$b_name); +*(*ProgName + nam.nam$b_name) = '\0'; + +free (TmpImageName); +#pragma standard +} + +#endif diff --git a/crypto/install.com b/crypto/install.com index b3d155e96..44fd1f000 100644 --- a/crypto/install.com +++ b/crypto/install.com @@ -11,7 +11,11 @@ $ WRITE SYS$OUTPUT "First argument missing." $ WRITE SYS$OUTPUT "Should be the directory where you want things installed." $ EXIT $ ENDIF -$ +$! +$! Define some VMS specific symbols. +$! +$ @[-]vms_build_info +$! $ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - 
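Review bot: `ExtractProgName` is library code reached from `ERR_put_error`, yet on a `SYS$PARSE` failure it calls `exit (status)`, and neither the `_malloc32`/`malloc` result for `TmpImageName` nor the one for `*ProgName` is checked before being written through, so a bad image name or an allocation failure kills or crashes the caller instead of being reported. `strncpy (TmpImageName, ImageName, strlen (ImageName))` also never writes the terminating NUL (the `+ 1` byte stays uninitialised); RMS only reads `fab$b_fns` bytes so this happens to work, but `memcpy (TmpImageName, ImageName, strlen (ImageName) + 1)` states the intent. A safer contract is to return early with, for example, `*ProgName = ImageName` (the unparsed name) when `SYS$PARSE` or an allocation fails, and to document in a header comment that the caller owns the returned buffer — the caller in err.c never frees it. `fab$b_fns` is a byte field, so an `ImageName` longer than 255 characters is passed with a silently wrapped length; checking `strlen (ImageName) <= 255` before the `SYS$PARSE` call avoids that.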
@@ -20,15 +24,21 @@ $ ROOT = ROOT_DEV + "[" + ROOT_DIR $ $ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC $ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] +$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE] $ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB] +$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE] $ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[000000] $ IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLVLIB: +$ IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLVEXE: $ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLALIB: +$ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLAEXE: $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLINCLUDE: $ @@ -82,7 +92,18 @@ $ EXHEADER_COMP := comp.h $ EXHEADER_OCSP := ocsp.h $ EXHEADER_UI := ui.h,ui_compat.h $ EXHEADER_KRB5 := krb5_asn.h -$ LIBS := LIBCRYPTO +$! +$! We can combine the .OLBs and .EXEs under LIBS +$! since the two pieces of LOOP_* code are smart +$! enough to check for the existance of the file +$! before trying to copy it. +$! +$ if "''build_bits'" .eqs. "32" +$ then +$ LIBS := LIBCRYPTO'build_bits',SSL$LIBCRYPTO_SHR'build_bits' +$ else +$ LIBS := LIBCRYPTO'build_bits',SSL$LIBCRYPTO_SHR +$ endif $ $ VEXE_DIR := [-.VAX.EXE.CRYPTO] $ AEXE_DIR := [-.AXP.EXE.CRYPTO] @@ -117,8 +138,8 @@ $ ENDIF $ ! Preparing for the time when we have shareable images $ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" $ THEN -$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE +$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE $ ENDIF $ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. "" $ THEN 
@@ -128,8 +149,8 @@ $ ENDIF $ ! Preparing for the time when we have shareable images $ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. "" $ THEN -$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE +$ COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE $ ENDIF $ SET ON $ GOTO LOOP_LIB diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index dd490c825..97ed12cf6 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(VMS) || defined(__VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 29b2d7af0..777d35454 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -1,6 +1,9 @@ /* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte for the OpenSSL * project 2000. + * RAND_poll() written by Taka Shinagawa + * for the OpenSSL project. + */ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 
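Review bot: The `@@ -1,6 +1,9 @@` hunk in rand_vms.c closes the new header comment with an added ` */` while the original ` */` line is kept as context directly below it, leaving a stray `*/` outside any comment at file scope — a compile error (or at best a diagnostic) on the first lines of the file. Drop the added ` */` line so the existing terminator closes the comment, leaving ` * RAND_poll() written by Taka Shinagawa`, ` * for the OpenSSL project.`, ` */`.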
@@ -56,13 +59,76 @@ * */ +#include +#include + #include #include "rand_lcl.h" #if defined(OPENSSL_SYS_VMS) +#define __NEW_STARLET 1 +#define NUM_OF_ITEMS 11 +#include #include #include + +#ifdef __alpha +#include +#include +#else +typedef struct _ile3 { /* Copied from ILEDEF.H for Alpha */ +#pragma __nomember_alignment + unsigned short int ile3$w_length; /* Length of buffer in bytes */ + unsigned short int ile3$w_code; /* Item code value */ + void *ile3$ps_bufaddr; /* Buffer address */ + unsigned short int *ile3$ps_retlen_addr; /* Address of word for returned length */ + } ILE3; + +typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */ +#pragma __nomember_alignment + __union { + __struct { + unsigned short int iosb$w_status; /* Final I/O status */ + __union { + __struct { /* 16-bit byte count variant */ + unsigned short int iosb$w_bcnt; /* 16-bit byte count */ + __union { + unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */ + unsigned int iosb$l_pid; /* 32-bit pid */ + } iosb$r_l; + } iosb$r_bcnt_16; + __struct { /* 32-bit byte count variant */ + unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */ + unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */ + } iosb$r_bcnt_32; + } iosb$r_devdepend; + } iosb$r_io_64; + __struct { + __union { + unsigned int iosb$l_getxxi_status; /* Final GETxxI status */ + unsigned int iosb$l_reg_status; /* Final $Registry status */ + } iosb$r_l_status; + unsigned int iosb$l_reserved; /* Reserved field */ + } iosb$r_get_64; + } iosb$r_io_get; + } IOSB; + +#if !defined(__VAXC) +#define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status +#define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt +#define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l +#define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend +#define iosb$l_pid iosb$r_l.iosb$l_pid +#define iosb$l_bcnt 
iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt +#define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high +#define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status +#define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status +#endif /* #if !defined(__VAXC) */ + +#endif /* End of IOSBDEF */ + +#include #include #include #ifdef __DECC @@ -76,25 +142,30 @@ static struct items_data_st { { 4, JPI$_BUFIO }, { 4, JPI$_CPUTIM }, { 4, JPI$_DIRIO }, + { 4, JPI$_IMAGECOUNT }, + { 8, JPI$_LAST_LOGIN_I }, { 8, JPI$_LOGINTIM }, { 4, JPI$_PAGEFLTS }, { 4, JPI$_PID }, + { 4, JPI$_PPGCNT }, { 4, JPI$_WSSIZE }, + { 4, JPI$_WSPEAK }, + { 4, JPI$_FINALEXC }, { 0, 0 } }; int RAND_poll(void) { - long pid, iosb[2]; + IOSB iosb; + long pid; int status = 0; - struct - { - short length, code; - long *buffer; - int *retlen; - } item[32], *pitem; - unsigned char data_buffer[256]; - short total_length = 0; +#if __INITIAL_POINTER_SIZE == 64 + ILEB_64 item[32], *pitem; +#else + ILE3 item[32], *pitem; +#endif + int data_buffer[256]; + int total_length = 0; struct items_data_st *pitems_data; pitems_data = items_data; 
@@ -103,15 +174,33 @@ int RAND_poll(void) /* Setup */ while (pitems_data->length) { - pitem->length = pitems_data->length; - pitem->code = pitems_data->code; - pitem->buffer = (long *)data_buffer[total_length]; - pitem->retlen = 0; - total_length += pitems_data->length; +#if __INITIAL_POINTER_SIZE == 64 + + pitem->ileb_64$w_mbo = 1; + pitem->ileb_64$w_code = pitems_data->code; + pitem->ileb_64$l_mbmo = -1; + pitem->ileb_64$q_length = pitems_data->length; + pitem->ileb_64$pq_bufaddr = &data_buffer[total_length]; + pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *)&length; + + total_length += pitems_data->length/4; +#else + pitem->ile3$w_length = (short)pitems_data->length; + pitem->ile3$w_code = (short)pitems_data->code; + pitem->ile3$ps_bufaddr = &data_buffer[total_length]; + pitem->ile3$ps_retlen_addr = &length; + + total_length += pitems_data->length/4; +#endif pitems_data++; pitem++; } - pitem->length = pitem->code = 0; + /* Last item of the item list is null terminated */ +#if __INITIAL_POINTER_SIZE == 64 + pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0; +#else + pitem->ile3$w_length = pitem->ile3$w_code = 0; +#endif /* * Scan through all the processes in the system and add entropy with 
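Review bot: Both branches of the item setup store `&length` in the item's return-length field, but no `length` variable appears among the declarations in the `@@ -76,25 +142,30 @@` hunk (`iosb`, `pid`, `status`, `item`/`pitem`, `data_buffer`, `total_length`, `pitems_data`), so unless it is a file-scope object declared outside these hunks this does not compile. Even if it exists, every item shares the one return-length word, so after `sys$getjpiw` only the last item's returned length survives; a per-item array such as `unsigned short retlen[32];` indexed alongside `pitem` would preserve all of them, or pass `0` as the original did when the lengths are not used. `total_length` grows by `pitems_data->length/4`, which rounds down for any item length that is not a multiple of 4; all entries in the visible table are 4 or 8, so this holds today, but a comment such as `/* data_buffer is int-indexed: item lengths must be multiples of 4 */` would make the assumption explicit. RAND_poll's body continues outside the hunk.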
@@ -119,17 +208,49 @@ int RAND_poll(void) * However, view the information as only half trustable. */ pid = -1; /* search context */ - while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0)) + while ((status = sys$getjpiw(EFN$C_ENF, &pid, 0, item, iosb, 0, 0)) != SS$_NOMOREPROC) { if (status == SS$_NORMAL) { - RAND_add(data_buffer, total_length, total_length/2); + int i; + int tmp_length; + + for(i = 0; i < total_length; i++) + { + unsigned int sys_time[2]; + + sys$gettim(sys_time); + srand(sys_time[0]*data_buffer[0]*data_buffer[1]+i); + if(i==(total_length-1)) /* for JPI$_FINALEXC */ + { + long int *ptr = (long *)data_buffer[i]; + tmp_length = 0; + + for(j=0; j<4; j++) + { + data_buffer[i+j] = ptr[j]; + /* OK to use rand() just + to scramble the seed */ + data_buffer[i+j] ^= + (sys_time ^ rand()); + tmp_length++; + } + } + else + { + /* OK to use rand() just + to scramble the seed */ + data_buffer[i] ^= (sys_time ^ rand()); + } + } + total_length += (tmp_length - 1); + + /* size of seed is total_length*4 bytes (64bytes) */ + RAND_add(data_buffer, total_length, total_length*2); } } - sys$gettim(iosb); - RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2); - return 1; + return RAND_status(); } #endif diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index d5f18a3a7..a0f71d004 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -119,9 +119,13 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, d[x]=ty, \ (RC4_CHUNK)d[(tx+ty)&0xff]\ ) - +#ifdef OPENSSL_SYS_VMS + if ( ( ((unsigned long long)indata & (sizeof(RC4_CHUNK)-1)) | + ((unsigned long long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) +#else if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) +#endif { RC4_CHUNK ichunk,otp; const union { long one; char little; } is_endian = {1}; diff --git a/crypto/threads/pthreads-vms.com b/crypto/threads/pthreads-vms.com index 63f5b8cc2..29a1022dd 100644 
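Review bot: `RAND_add(data_buffer, total_length, total_length*2)` passes the number of `int` slots as the byte count, so only a quarter of the collected data is mixed in, and it then claims two bytes of entropy for every byte supplied — more than is possible and far more than the `only half trustable` comment above justifies — which inflates the estimate behind the `RAND_status()` result returned at the end of this hunk. Use `RAND_add(data_buffer, total_length * sizeof(int), (total_length * sizeof(int)) / 2)` or a lower figure. `iosb` is now an `IOSB` struct (per the `@@ -76` hunk) but is still passed by value to `sys$getjpiw`, which expects its address (`&iosb`); `j` is used but never declared; and `sys_time ^ rand()` applies `^` to an array, so the loop does not compile as written — `sys_time[0]` is presumably intended. The `(long *)data_buffer[i]` dereference treats the `JPI$_FINALEXC` item value as an address and copies four longwords from wherever it points, which at best mixes in unrelated process memory and at worst faults; the `srand`/`rand` scrambling adds nothing to the seed and can be dropped along with it.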
--- a/crypto/threads/pthreads-vms.com +++ b/crypto/threads/pthreads-vms.com @@ -1,9 +1,20 @@ $! To compile mttest on VMS. $! $! WARNING: only tested with DEC C so far. +$! +$! +$! +$! Define USER_CCFLAGS +$! +$ @[--]vms_build_info.com +$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS $ $ arch := vax $ if f$getsyi("CPU") .ge. 128 then arch := axp $ define/user openssl [--.include.openssl] $ cc/def=PTHREADS mttest.c -$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib +$ link /MAP/FULL/CROSS mttest, - + [--.'arch'.exe.ssl]libssl/lib, - + [--.'arch'.exe.crypto]libcrypto/lib, - + SYS$DISK:[--]SSL_IDENT.OPT/OPTION + diff --git a/demos/install.com b/demos/install.com new file mode 100644 index 000000000..02e8738f5 --- /dev/null +++ b/demos/install.com 
@@ -0,0 +1,50 @@ +$! INSTALL.COM -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte +$! Time of creation: 23-MAY-1998 19:22 +$! +$! P1 root of the directory tree +$! +$ IF P1 .EQS. "" +$ THEN +$ WRITE SYS$OUTPUT "First argument missing." +$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." +$ EXIT +$ ENDIF +$ +$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ +$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC +$ +$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLROOT:[000000] +$! +$ EXAMPLE_DIR := [.VMS_EXAMPLES] +$ EXAMPLE_FILES := SSL$BIO_CLI.C,SSL$BIO_SERV.C,SSL$CLI_SESS_RENEGO.C, - + SSL$CLI_SESS_RENEGO_CLI_VER.C,SSL$CLI_SESS_REUSE.C, - + SSL$CLI_SESS_REUSE_CLI_VER.C,SSL$CLI_VERIFY_CLIENT.C, - + SSL$SERV_SESS_RENEGO.C,SSL$SERV_SESS_RENEGO_CLI_VER.C, - + SSL$SERV_SESS_REUSE.C,SSL$SERV_SESS_REUSE_CLI_VER.C, - + SSL$SERV_VERIFY_CLIENT.C,SSL$SIMPLE_CLI.C,SSL$SIMPLE_SERV.C, - + SSL$EXAMPLES_SETUP.COM +$! +$ I = 0 +$ LOOP: +$ EF = F$EDIT(F$ELEMENT(I, ",", EXAMPLE_FILES),"TRIM") +$ I = I + 1 +$ IF eF .EQS. "," THEN GOTO LOOP_END +$ SET NOON +$ IF F$SEARCH(EXAMPLE_DIR+EF) .NES. "" +$ THEN +$ COPY 'EXAMPLE_DIR''EF' WRK_SSLROOT:[000000]*.*/log +$ SET FILE/PROT=W:RE WRK_SSLROOT:[000000]'EF' +$ ENDIF +$ SET ON +$ GOTO LOOP +$ LOOP_END: +$! +$ EXIT diff --git a/demos/vms_examples/ssl$bio_cli.c b/demos/vms_examples/ssl$bio_cli.c new file mode 100644 index 000000000..97491043a --- /dev/null +++ b/demos/vms_examples/ssl$bio_cli.c 
@@ -0,0 +1,298 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Client + "Socket BIO" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality. + * This client uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client does not load its own certificate and key because + * the SSL server does not request & verify the client certificate. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program on this system, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + BIO *sbio = NULL; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset (&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = htons(s_port); /* Server Port 
number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL closure ---------------*/ + /* Shutdown the client side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$bio_serv.c b/demos/vms_examples/ssl$bio_serv.c new file mode 100644 index 000000000..df2f7477f --- /dev/null +++ b/demos/vms_examples/ssl$bio_serv.c 
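Review bot: `RETURN_SSL` tests only for `-1`, but `SSL_connect` returns `0` when the handshake fails cleanly — including when the server certificate fails the `SSL_VERIFY_PEER` check configured above — so the client proceeds to `SSL_write` on an unconnected `SSL`; the macro should be `#define RETURN_SSL(err) if ((err)<=0) { ERR_print_errors_fp(stderr); exit(1); }`, and the same applies to `SSL_read`, where a `0` result (peer closed) is currently printed as a received message. The strings from `X509_NAME_oneline` are released with `free()` but were allocated by OpenSSL and should be released with `OPENSSL_free()`. `verify_callback` is declared `static` but never defined or used, and the `verify_client` certificate-loading branch is unreachable with `OFF` hard-coded; either complete them or remove them from an example meant to be copied. `hello` is sent even if `fgets` fails and leaves it uninitialised; check `fgets`'s return value before `SSL_write`.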
@@ -0,0 +1,311 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality. + * This server uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, but it does not verify + * the certificate of the SSL client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. 
+ * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *client_cert = NULL; + BIO *sbio = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO 
APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + /* Wait for an incoming TCP connection. 
*/ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + close (listen_sock); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + if (verify_client == ON) + { + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + } + + /*--------------- DATA EXCHANGE - Receive message and send reply. 
---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side (server) of the connection. */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$cli_sess_renego.c b/demos/vms_examples/ssl$cli_sess_renego.c new file mode 100644 index 000000000..816032f29 --- /dev/null +++ b/demos/vms_examples/ssl$cli_sess_renego.c 
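Review bot: `meth = SSLv3_method();` pins the server to SSLv3, a protocol that is obsolete and disabled in current OpenSSL builds, while the renegotiation clients in this same commit select `TLSv1_method()`; a version-flexible method (`SSLv23_method()`, or `TLS_method()` where available) combined with `SSL_CTX_set_options` to exclude the old versions is what a reader should be copying. `RETURN_SSL(err)` only treats -1 as failure, so an `SSL_accept` or `SSL_read` that returns 0 (peer closed during the handshake, or a close_notify) continues into the cipher printout and `buf[err] = '\0'` as if it had succeeded; `if ((err) <= 0)` matches the documented return contract of those calls. In the `verify_client == ON` branch, `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)` on its own still admits a client that presents no certificate at all — the code even prints "The SSL client does not have certificate." and carries on — so `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is needed for the check the header describes. `client_len` is declared `size_t` but `accept` takes a `socklen_t *`, which is a width mismatch on 64-bit pointer-size builds.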
@@ -0,0 +1,361 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Client + "Socket BIO" + "SSL Renegotiation" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality. + * This client uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client does not load its own certificate and key because + * the SSL server does not request & verify the client certificate. + * + * This SSL client also demonstrates how to implement SSL Session Renegotiation + * in the client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program on this system, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + BIO *sbio = NULL; + SSL_SESSION *sess = NULL; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = TLSv1_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset(&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = 
htons(s_port); /* Server Port number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + sess = SSL_get_session(ssl); + printf("Before Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /*--------------- SSL Renegotiation initiated by server ---------------*/ + printf("\n>> Starting Renegotiation 1 (initiated by the server) \n"); + + /* Receive Handshake message from Server for SSL Renegotiation */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + switch(SSL_get_error(ssl,err)){ + case SSL_ERROR_WANT_READ: + printf(">> SSL Renegotiation succeeded\n"); + break; + default: + printf(">> SSL Renegotiation failed\n"); + exit(1); + } + + sess = SSL_get_session(ssl); + printf("After Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Send a message to Server */ + err = SSL_write(ssl, "Message from Client after Rehandshake", strlen("Message from Client after Rehandshake")); + RETURN_SSL(err); + + /* Receive a message from Server */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + + buf[err] = '\0'; + printf("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL Renegotiation initiated by client ---------------*/ + printf("\n>> Starting Renegotiation 2 (initiated by the client)\n"); + + if(SSL_renegotiate(ssl)<=0){ + printf("SSL_renegotiate() failed.\n"); + exit(1); + } + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + printf(">> SSL Renegotiation succeeded\n"); + + sess = SSL_get_session(ssl); + printf("After Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Send a message to Server */ + err = SSL_write(ssl, "Message from Client after Rehandshake", strlen("Message from Client after Rehandshake")); + RETURN_SSL(err); + + 
/* Receive a message from Server */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + + buf[err] = '\0'; + printf("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$cli_sess_renego_cli_ver.c b/demos/vms_examples/ssl$cli_sess_renego_cli_ver.c new file mode 100644 index 000000000..44aba7be1 --- /dev/null +++ b/demos/vms_examples/ssl$cli_sess_renego_cli_ver.c 
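Review bot: `fgets (hello, 80, stdin)` is unchecked, so on EOF or a read error `hello` stays uninitialized and the later `SSL_write(ssl, hello, strlen(hello))` reads indeterminate memory; guard it with `if (fgets(hello, sizeof hello, stdin) == NULL) exit(1);`. Certificate verification stops at chain validation: `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)` confirms the server's certificate was issued by `RSA_CLIENT_CA_CERT`, but nothing binds that certificate's identity to the `s_ipaddr` the client dialled, so any certificate from that CA is accepted; on OpenSSL builds that provide it, `SSL_set1_host` (or an explicit check of the subject against the expected peer name) closes that gap, and the ABSTRACT comment should at least state the limitation. The same ABSTRACT says this client "does not load its own certificate and key", yet `int verify_client = ON;` makes it load `RSA_CLIENT_CERT` and `RSA_CLIENT_KEY`, so one of the two should change. `SSL_SESSION_hash(sess)` returns an `unsigned long` but is printed with `%d`; use `%lu`. All four points apply unchanged to ssl$cli_sess_renego_cli_ver.c, which duplicates this file.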
@@ -0,0 +1,360 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "client certificate verification" + "SSL Renegotiation" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality. + * This client uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client loads its own certificate and key for the + * client certificate verification on the SSL server. + * + * This SSL client also demonstrates how to implement SSL Session Renegotiation + * in the client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program on this system, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + BIO *sbio = NULL; + SSL_SESSION *sess = NULL; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = TLSv1_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset(&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = 
htons(s_port); /* Server Port number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + sess = SSL_get_session(ssl); + printf("Before Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /*--------------- SSL Renegotiation initiated by server ---------------*/ + printf("\n>> Starting Renegotiation 1 (initiated by the server) \n"); + + /* Receive Handshake message from Server for SSL Renegotiation */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + switch(SSL_get_error(ssl,err)){ + case SSL_ERROR_WANT_READ: + printf(">> SSL Renegotiation succeeded\n"); + break; + default: + printf(">> SSL Renegotiation failed\n"); + exit(1); + } + + sess = SSL_get_session(ssl); + printf("After Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Send a message to Server */ + err = SSL_write(ssl, "Message from Client after Rehandshake", strlen("Message from Client after Rehandshake")); + RETURN_SSL(err); + + /* Receive a message from Server */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + + buf[err] = '\0'; + printf("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL Renegotiation initiated by client ---------------*/ + printf("\n>> Starting Renegotiation 2 (initiated by the client)\n"); + + if(SSL_renegotiate(ssl)<=0){ + printf("SSL_renegotiate() failed.\n"); + exit(1); + } + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + printf(">> SSL Renegotiation succeeded\n"); + + sess = SSL_get_session(ssl); + printf("After Renegotiation: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Send a message to Server */ + err = SSL_write(ssl, "Message from Client after Rehandshake", strlen("Message from Client after Rehandshake")); + RETURN_SSL(err); + + 
/* Receive a message from Server */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + + buf[err] = '\0'; + printf("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$cli_sess_reuse.c b/demos/vms_examples/ssl$cli_sess_reuse.c new file mode 100644 index 000000000..982508da5 --- /dev/null +++ b/demos/vms_examples/ssl$cli_sess_reuse.c 
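Review bot: The `RSA_CLIENT_CA_PATH` literal `"sys$common:[syshlp.examples.ssl"` is missing the closing `]` that the sibling examples have (`"sys$common:[syshlp.examples.ssl]"`); the macro is unused in the visible code, but anyone who copies it gets a malformed directory spec. The FACILITY line of the header reads "Simplest SSL Server + ..." although this file is the client program, and the ASSUMPTIONS paragraph refers to "this server program" as well. `static int verify_callback(int ok, X509_STORE_CTX *ctx);` is declared but never defined or referenced, and `EVP_PKEY *pkey;` is never used; both are dead declarations that draw compiler warnings and suggest functionality the example does not actually show.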
@@ -0,0 +1,319 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Client + "Socket BIO" + "Session Reuse (Resumption)" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality. + * This client uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client does not load its own certificate and key because + * the SSL server does not request & verify the client certificate. + * + * This SSL client also demonstrates how to implement SSL Session Reuse (Resumption) + * in the client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Run Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program on this system, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err, i; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + BIO *sbio = NULL; + SSL_SESSION *sess; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + for(i=0; i<2; i++) + { + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset (&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + 
server_addr.sin_port = htons(s_port); /* Server Port number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + if(i==1) + SSL_set_session(ssl,sess); + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /*---------- Save the SSL session (for SSL session resumption) ----------*/ + if(i==0){ + sess = SSL_get1_session(ssl); + RETURN_NULL(sess); + } + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL conection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + BIO_free(sbio); + } + + printf("SSL_session_reused()>>%d\n",SSL_session_reused(ssl)); + + SSL_SESSION_free(sess); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$cli_sess_reuse_cli_ver.c b/demos/vms_examples/ssl$cli_sess_reuse_cli_ver.c new file mode 100644 index 000000000..f23586795 --- /dev/null +++ b/demos/vms_examples/ssl$cli_sess_reuse_cli_ver.c 
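Review bot: `BIO_free(sbio)` at the end of each loop iteration frees a BIO that `SSL_set_bio(ssl, sbio, sbio)` already handed to the SSL object, so the final `SSL_free(ssl)` releases the same BIO a second time, while the `ssl` created on the first iteration is never freed at all. OpenSSL's documented ownership rule is that SSL_set_bio transfers the BIO to the SSL object, so drop `BIO_free(sbio);` and end each iteration with `printf("SSL_session_reused()>>%d\n", SSL_session_reused(ssl)); SSL_free(ssl);`, removing the two post-loop uses of `ssl`. Separately, `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)` with `SSL_CTX_set_verify_depth(ctx,1)` only proves the chain ends at client_ca.crt; the subject obtained from `X509_get_subject_name` is printed but never compared with the expected server name, so any certificate issued by that CA is accepted as the server, and the demo should either bind the connection to a hostname or carry a comment saying this is deliberately omitted. `SSLv3_method()` also pins a protocol version that RFC 7568 prohibits and that is commonly compiled out of current OpenSSL builds; a version-flexible client method is the safer default for an example people copy.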
@@ -0,0 +1,322 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "client certificate verification" + "Session Reuse (Resumption)" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality. + * This client uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client loads its own certificate and key for the + * client certificate verification on the SSL server. + * + * This SSL client also demonstrates how to implement SSL Session Reuse (Resumption) + * in the client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program on this system, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err, i; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + BIO *sbio = NULL; + SSL_SESSION *sess; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + for(i=0; i<2; i++) + { + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset (&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + 
server_addr.sin_port = htons(s_port); /* Server Port number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + if(i==1) + SSL_set_session(ssl,sess); + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /*---------- Save the SSL session (for SSL session resumption) ----------*/ + if(i==0){ + sess = SSL_get1_session(ssl); + RETURN_NULL(sess); + } + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + BIO_free(sbio); + } + + printf("SSL_session_reused()>>%d\n",SSL_session_reused(ssl)); + + SSL_SESSION_free(sess); + + /* Terminate communication on a socket */ +/* err = close(sock); + RETURN_ERR(err, "close"); +*/ + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$cli_verify_client.c b/demos/vms_examples/ssl$cli_verify_client.c new file mode 100644 index 000000000..f87a0cbf4 --- /dev/null +++ b/demos/vms_examples/ssl$cli_verify_client.c 
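Review bot: The header's FACILITY line describes this file as `Simplest SSL Server + "Socket BIO" + ...` while the ABSTRACT and the code (`connect(sock, ...)`, `SSL_connect(ssl)`) are a client, so the line should read `Simplest SSL Client + "Socket BIO" + "client certificate verification" + "Session Reuse (Resumption)"`. The trust model also deserves a comment: the accompanying setup procedure makes server_ca.crt and client_ca.crt copies of one CA, and this client never checks the server certificate's name or extended key usage after `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)`, so, if that setup is followed, any demo client certificate would be accepted as the server. `RETURN_SSL(err)` after `SSL_connect(ssl)` traps only -1, but SSL_connect returns 0 for a handshake that failed with a controlled shutdown and the code then continues into `SSL_write`; use `if (err <= 0) { ERR_print_errors_fp(stderr); exit(1); }` there. The commented-out `close(sock)` block after `SSL_SESSION_free(sess)` is dead code and should be deleted, and the in-loop `BIO_free(sbio)` followed by the post-loop `SSL_free(ssl)` frees the socket BIO twice because SSL_set_bio transfers BIO ownership to the SSL object.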
@@ -0,0 +1,296 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Client + "Socket BIO" + "client certificate verification" + * + * ABSTRACT: + * + * This is an example of a SSL client with minimum functionality (using Socket BIO). + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client loads its own certificate and key for the + * client certificate verification on the SSL server. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *server_cert; + BIO 
*sbio = NULL; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset (&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = htons(s_port); /* Server Port number */ + 
server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* A SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$examples_setup.com b/demos/vms_examples/ssl$examples_setup.com new file mode 100644 index 000000000..c5ccf4c7a --- /dev/null +++ b/demos/vms_examples/ssl$examples_setup.com 
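Review bot: `meth = SSLv3_method();` selects a protocol version that has been prohibited since RFC 7568 (POODLE) and is frequently absent from current OpenSSL builds, so the example will either negotiate a broken protocol or fail to link; `meth = SSLv23_client_method();` (or `TLS_client_method()` where available) should be used instead, and `meth` should be declared `const SSL_METHOD *`. The handshake check is also too weak: `RETURN_SSL(err)` after `SSL_connect(ssl)` only catches -1, while a 0 return (handshake refused with a clean shutdown) falls through to `SSL_write`; replace it with `if (err <= 0) { ERR_print_errors_fp(stderr); exit(1); }`. `fgets (hello, 80, stdin)` is unchecked, so on EOF `hello` is left uninitialized and `strlen(hello)` in the later `SSL_write` reads indeterminate memory. The `static int verify_callback(...)` prototype and the `EVP_PKEY *pkey` local are never used in this file and can be dropped.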
@@ -0,0 +1,174 @@ +$! +$! SSL$EXAMPLES_SETUP.COM -- +$! +$! This command procedure is actually a template that will show +$! the commands necessary to create certificates and keys for the example +$! programs. +$! +$! Also included in this file are the necessary options to enter into the +$! SSL$CERT_TOOL.COM to create the necessary certificates and keys to the +$! example programs. The SSL$CERT_TOOL.COM is found in SSL$COM. See the +$! documenation for more information about the SSL$CERT_TOOL.COM. +$! +$! 1. Create CA certificate - option 5 in SSL$CERT_TOOL.COM. +$! This will create a key in one file and a certificate in +$! another file. +$! +$! 2. Make 2 copies of CA certificate created in step #1. +$! One should be called server_ca.crt and the other called +$! client_ca.crt as these are the filenames defined in the +$! example programs. You will have to exit the SSL$CERT_TOOL.COM +$! procedure to do this operation. +$! +$! 3. Create a server certificate signing request - option 3 in SSL$CERT_TOOL.COM. +$! The Common Name should be the TCP/IP hostname of the server system. +$! +$! 4. Sign server certificate signing request - option 6 in SSL$CERT_TOOL.COM +$! Use the CA certificate, server_ca.crt, created in step #1 to sign the request +$! created in step #3. This will create a key file, which should be named +$! server.key, and a certificate file, which should be named server.crt. +$! These are the names as they are defined in example programs. +$! +$! 5. Create a client certificate signing request - option 3 in SSL$CERT_TOOL.COM. +$! +$! 6. Sign client certificate signing request - option 6 in SSL$CERT_TOOL.COM +$! Use the CA certificate, client_ca.crt, created in step #1 to sign the request +$! created in step #5. This will create a key file, which should be named +$! client.key, and a certificate file, which should be named client.crt. +$! These are the names as they are defined in example programs. +$! +$! 7. 
These certificates and keys should reside in the same directory as +$! the example programs. +$! +$! +$! +$! +$! The commands have been changed to use generic data as +$! input. To use these commands, one will have to substitute +$! the generic data with data specific to their site. +$! For example, yourcountry could be change to US. It is +$! assumed that the SSL startup file, SYS$STARTUP:SSL$STARTUP.COM, +$! and the SSL$COM:SSL$UTILS.COM procedures have been executed. +$! +$! Set up some random data. +$! +$! $ show system/full/output=randfile. +$! +$! +$! Check to make sure the SERIAL and INDEX files exist. +$! If they don't, create them. +$! +$! $ if f$search ("SSL$PRIVATE:SERIAL.TXT") .eqs. "" +$! $ then +$! $ CREATE SSL$PRIVATE:SERIAL.TXT +$! 01 +$! $ endif +$! +$! $ if f$search ("SSL$PRIVATE:INDEX.TXT") .eqs. "" +$! $ then +$! $ CREATE SSL$PRIVATE:INDEX.TXT +$! $ endif +$! +$! Create the CA certificate. +$! +$! $ define/user sys$command sys$input +$! $ openssl req -config ssl$root:[000000]openssl-vms.cnf -new -x509 -days 1825 -keyout ca.key -out ca.crt +$! yourpassword +$! yourpassword +$! yourcountry +$! yourstate +$! yourcity +$! yourcompany +$! yourdepartment +$! your Certificate Authority certificate +$! firstname.lastname@yourcompany.com +$! $! +$! $! +$! $! Create the server certificate request. +$! $! +$! $! Note : There is no way to use the value of a +$! $! symbol when you are using the value of +$! $! symbol as input, as we do below. To get +$! $! around, we create a .COM on the fly and +$! $! execute the created .COm file to create +$! $! the server certificate. What a pain! +$! $! +$! $ hostname = f$trnlnm("tcpip$inet_host") +$! $ domain = f$trnlnm("tcpip$inet_domain") +$! $ server_name = hostname + "." + domain" +$! $! +$! $ open/write s_com create_s_cert.com +$! $! +$! $ write s_com "$!" +$! $ write s_com "$ define/user sys$command sys$input +$! 
$ write s_com "$ openssl req -new -nodes -config ssl$root:[000000]openssl-vms.cnf -keyout server.key -out server.csr" +$! $ write s_com "yourcountry" +$! $ write s_com "yourstate" +$! $ write s_com "yourcity" +$! $ write s_com "yourcompany" +$! $ write s_com "yourdepartment" +$! $ write s_com "''server_name'" +$! $ write s_com "firstname.lastname@yourcompany.com" +$! $ write s_com "" +$! $ write s_com "" +$! $! +$! $ close s_com +$! $ @create_s_cert +$! $ delete create_s_cert.com; +$! $! +$! $! +$! $! Now, sign the server certificate ... +$! $! +$! $ define/user sys$command sys$input +$! $ openssl ca -config ssl$root:[000000]openssl-vms.cnf -cert ca.crt -keyfile ca.key -out server.crt -infiles server.csr +$! yourpassword +$! Y +$! Y +$! $! +$! $! +$! $! Create the client certificate request. +$! $! +$! $ define/user sys$command sys$input +$! $ openssl req -new -nodes -config ssl$root:[000000]openssl-vms.cnf -keyout client.key -out client.csr +$! yourcountry +$! yourstate +$! yourcity +$! yourcompany +$! yourdepartment +$! yourname +$! firstname.lastname@yourcompany.com +$! +$! +$! $! +$! $! +$! $! Now, sign the client certificate ... +$! $! +$! $ define/user sys$command sys$input +$! $ openssl ca -config ssl$root:[000000]openssl-vms.cnf -cert ca.crt -keyfile ca.key -out client.crt -infiles client.csr +$! yourpassword +$! Y +$! Y +$! $! +$! $! Let's view the CA certificate. +$! $! +$! $ openssl x509 -noout -text -in ca.crt +$! $! +$! $! +$! $! Let's view the Server Certificate Request. +$! $! +$! $ openssl req -noout -text -in server.csr +$! $! +$! $! Let's view the Server Certificate. +$! $! +$! $ openssl x509 -noout -text -in server.crt +$! $! +$! $! Let's view the Client Certificate Request. +$! $! +$! $ openssl req -noout -text -in client.csr +$! $! +$! $! Let's view the Client Certificate. +$! $! +$! $ openssl x509 -noout -text -in client.crt +$! $! +$! $! +$! $exit 
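Review bot: The "Set up some random data" step writes `show system/full/output=randfile.`, but `randfile` is never passed to any later `openssl` command (no `-rand randfile`), so the step does nothing, and a process listing is in any case a largely predictable seed for key generation; the comment should either point at the RANDFILE mechanism the installed OpenSSL uses or state plainly that keys produced by this procedure are for the examples only. The commented command `$ server_name = hostname + "." + domain"` has an unbalanced trailing quote and would fail as soon as someone uncomments it. Both `openssl req -new -nodes` invocations write unencrypted server.key and client.key, and the CA passphrase is fed literally as `yourpassword` on sys$input, so a sentence reminding the reader to restrict file protection on the generated .key files and not to keep real passphrases in the procedure would be worth adding. Step 2 also copies the same CA to server_ca.crt and client_ca.crt, which means client and server certificates share one trust domain; the example programs should be told this explicitly since their verification code does not distinguish the two.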
diff --git a/demos/vms_examples/ssl$serv_sess_renego.c b/demos/vms_examples/ssl$serv_sess_renego.c new file mode 100644 index 000000000..f1fc9b882 --- /dev/null +++ b/demos/vms_examples/ssl$serv_sess_renego.c 
@@ -0,0 +1,379 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "SSL Renegotiation" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality. + * This server uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, but it does not verify + * the certificate of the SSL client. + * + * This SSL server also demonstrates how to implement SSL Renegotiation + * in the server. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *client_cert 
= NULL; + BIO *sbio = NULL; + SSL_SESSION *sess = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = TLSv1_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = bind(listen_sock, (struct 
sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + /* Wait for an incoming TCP connection. */ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + close (listen_sock); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Session established with the first SSL handshake */ + sess = SSL_get_session(ssl); + printf("Session 1: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - Receive message and send reply. 
---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server\n", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- Renegotiation 1 (initiated by the SSL server) ---------------*/ + printf(">> Starting Renegotiation 1 (initiated by the server) \n"); + + if(SSL_renegotiate(ssl)<=0){ + printf("SSL_renegotiate() failed.\n"); + exit(1); + } + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + ssl->state = SSL_ST_ACCEPT; + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + printf(">> SSL Renegotiation succeeded\n"); + + /* Session established with the first SSL renegotiation */ + sess = SSL_get_session(ssl); + printf("Session 2 (with 1st SSL renegotiation): SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /*----------------------------------------------------------------*/ + /* Receive a message from Client over the new SSL session */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + /* Send a message to Client over the new SSL session */ + err = SSL_write(ssl, "From the server after SSL Renegotiation.", strlen("From the server after SSL Renegotiation.")); + RETURN_SSL(err); + + /*--------------- Renegotiation 2 (initiated by the SSL client) ---------------*/ + + printf("\n>> Starting Renegotiation 2 (initiated by the client)\n"); + + err = SSL_read(ssl, buf, sizeof(buf) - 1); + switch(SSL_get_error(ssl,err)){ + case SSL_ERROR_WANT_READ: + printf(">> SSL Renegotiation succeeded\n"); + break; + default: + printf("error\n"); + exit(1); + } + + /* Session established with the second SSL renegotiation */ + sess = SSL_get_session(ssl); + 
printf("Session 3 (with 2nd SSL renegotiation): SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Receive a message from Client over the new SSL session */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + /* Send a message to Client over the new SSL session */ + err = SSL_write(ssl, "From the server after SSL Renegotiation.", strlen("From the server after SSL Renegotiation.")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$serv_sess_renego_cli_ver.c b/demos/vms_examples/ssl$serv_sess_renego_cli_ver.c new file mode 100644 index 000000000..a83263957 --- /dev/null +++ b/demos/vms_examples/ssl$serv_sess_renego_cli_ver.c 
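Review bot: `RETURN_SSL(err)` only tests `err == -1`, but the OpenSSL manual documents failure of `SSL_read` and `SSL_accept` as any return value of 0 or below, so a read that fails with 0 (peer closed) or another negative value falls through to `buf[err] = '\0'`, and with a negative `err` that is a write before the start of `buf`; the same macro and pattern are in the hunks for ssl$serv_sess_renego_cli_ver.c, ssl$serv_sess_reuse.c and ssl$serv_sess_reuse_cli_ver.c. At each read site the guard should be `if (err <= 0) { ERR_print_errors_fp(stderr); exit(1); }` (a separate test, so that the legitimate 0 return of `SSL_shutdown` is not caught by the same macro), and the `<= 0` test belongs after `SSL_accept` as well. `ssl->state = SSL_ST_ACCEPT;` reaches into the SSL structure to force the second half of the server-initiated renegotiation; that field is library-internal and the assignment cannot compile where `SSL` is opaque, so at minimum a comment such as `/* Relies on OpenSSL-internal state; not portable across library versions */` is needed, and the header should say that renegotiation is a legacy feature that TLS 1.3 removed. The whole of main() sits inside this hunk.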
@@ -0,0 +1,379 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "client certificate verification" + "SSL Renegotiation" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality. + * This server uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, + * and it requests & verifies the certificate of the SSL client. + * + * This SSL server also demonstrates how to implement SSL Renegotiation + * in the server. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *client_cert = 
NULL; + BIO *sbio = NULL; + SSL_SESSION *sess = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = TLSv1_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = bind(listen_sock, (struct 
sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + /* Wait for an incoming TCP connection. */ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + close (listen_sock); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Session established with the first SSL handshake */ + sess = SSL_get_session(ssl); + printf("Session 1: SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - Receive message and send reply. 
---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server\n", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- Renegotiation 1 (initiated by the SSL server) ---------------*/ + printf(">> Starting Renegotiation 1 (initiated by the server) \n"); + + if(SSL_renegotiate(ssl)<=0){ + printf("SSL_renegotiate() failed.\n"); + exit(1); + } + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + ssl->state = SSL_ST_ACCEPT; + + if(SSL_do_handshake(ssl)<=0){ + printf("SSL_do_handshake() failed.\n"); + exit(1); + } + + printf(">> SSL Renegotiation succeeded\n"); + + /* Session established with the first SSL renegotiation */ + sess = SSL_get_session(ssl); + printf("Session 2 (with 1st SSL renegotiation): SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /*----------------------------------------------------------------*/ + /* Receive a message from Client over the new SSL session */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send a message to Client over the new SSL session */ + err = SSL_write(ssl, "From the server after SSL Renegotiation.", strlen("From the server after SSL Renegotiation.")); + RETURN_SSL(err); + + /*--------------- Renegotiation 2 (initiated by the SSL client) ---------------*/ + + printf("\n>> Starting Renegotiation 2 (initiated by the client)\n"); + + err = SSL_read(ssl, buf, sizeof(buf) - 1); + switch(SSL_get_error(ssl,err)){ + case SSL_ERROR_WANT_READ: + printf(">> SSL Renegotiation succeeded\n"); + break; + default: + printf("error\n"); + exit(1); + } + + /* Session established with the second SSL renegotiation */ + sess = 
SSL_get_session(ssl); + printf("Session 3 (with 2nd SSL renegotiation): SSL_SESSION_hash(sess) >> %d\n", SSL_SESSION_hash(sess)); + + /* Receive a message from Client over the new SSL session */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send a message to Client over the new SSL session */ + err = SSL_write(ssl, "From the server after SSL Renegotiation.", strlen("From the server after SSL Renegotiation.")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$serv_sess_reuse.c b/demos/vms_examples/ssl$serv_sess_reuse.c new file mode 100644 index 000000000..e2e6a181e --- /dev/null +++ b/demos/vms_examples/ssl$serv_sess_reuse.c 
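Review bot: `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)` requests a client certificate but does not require one, so a client that sends no certificate completes the handshake and the `else printf("The SSL client does not have certificate.\n");` branch goes on to exchange application data with an unauthenticated peer, in a file whose stated purpose is client certificate verification. Add the flag that makes absence fatal, `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);`, and turn the else branch into an error exit so the two agree. Checking `SSL_get_verify_result(ssl) == X509_V_OK` before printing the subject would also make the trust decision explicit in the example rather than implicit in the handshake outcome. The same verify call appears in ssl$serv_sess_renego.c and ssl$serv_sess_reuse.c, where `verify_client = OFF` disables it, and ssl$serv_sess_reuse_cli_ver.c sets `verify_client = ON` too.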
@@ -0,0 +1,316 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "Session Reuse (Resumption)" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality. + * This server uses Socket BIO. + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, but it does not verify + * the certificate of the SSL client. + * + * This SSL server also demonstrates how to implement SSL Session Reuse (Resumption) + * in the server. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err, i; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + int on = 1; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + 
X509 *client_cert = NULL; + BIO *sbio = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* Set up a TCP socket */ + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + err = setsockopt (listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); + RETURN_ERR(err, "setsockopt"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = 
bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + + for(i=0; i<2; i++) + { + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - Receive message and send reply. 
---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + } + + err = close(listen_sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$serv_sess_reuse_cli_ver.c b/demos/vms_examples/ssl$serv_sess_reuse_cli_ver.c new file mode 100644 index 000000000..69d30ff08 --- /dev/null +++ b/demos/vms_examples/ssl$serv_sess_reuse_cli_ver.c 
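Review bot: `meth = SSLv3_method();` pins this server to SSL 3.0, a protocol that is deprecated (RFC 7568) and that the sibling examples in this commit avoid by using `TLSv1_method()`; session resumption does not depend on the protocol version, so `meth = TLSv1_method();` keeps the example consistent and off a retired protocol. `SSL_free(ssl)` is called once after the `for(i=0; i<2; i++)` loop while `SSL_new(ctx)` runs on every iteration, so the first connection's SSL object is never freed; move `SSL_free(ssl);` inside the loop after `close(sock)`. The example also never shows whether the second handshake actually resumed a session; printing `SSL_session_reused(ssl)` after `SSL_accept` would demonstrate the feature the file header describes. The whole of main() sits inside this hunk.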
@@ -0,0 +1,329 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "client certificate verification" + "Session Reuse (Resumption)" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality + * with the client certificate verification (using Socket BIO). + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, but it does not verify + * the certificate of the SSL client. + * + * This SSL server also demonstrates how to implement SSL Session Reuse (Resumption) + * in the server. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err, i; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + int on = ON; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + 
X509 *client_cert = NULL; + BIO *sbio = NULL; + + short int s_port = 5555; + + int sid_ctx = 1; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + + /* For session resumption */ + if(!SSL_CTX_set_session_id_context(ctx,(void*)&sid_ctx,sizeof(sid_ctx))){ + printf("SSL_CTX_set_session_id_context() failed\n"); + exit(1); + } + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + 
sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + /* Set the socket options so that the socket can be reused */ + err = setsockopt (listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); + RETURN_ERR(err, "setsockopt"); + + err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + /* Wait for an incoming TCP connection. */ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + + for(i=0; i<2; i++) + { + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + 
X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - Receive message and send reply. ---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + } + + err = close(listen_sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$serv_verify_client.c b/demos/vms_examples/ssl$serv_verify_client.c new file mode 100644 index 000000000..3e1ccf6cc --- /dev/null +++ b/demos/vms_examples/ssl$serv_verify_client.c 
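Review bot: `SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL)` on a server only requests a client certificate; without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` a client that presents none still completes the handshake and reaches the data exchange through the `"The SSL client does not have certificate."` branch, so the client verification this demo is meant to show is not actually enforced. Use `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` here and in ssl$serv_verify_client.c, which has the same line. Separately, the accept loop calls `SSL_new(ctx)` on each of its two iterations but `SSL_free(ssl)` runs once after the loop, so the first SSL object and its socket BIO leak; move `SSL_free(ssl);` inside the loop after the `close(sock)` check. The ABSTRACT also still says the server "does not verify the certificate of the SSL client", which contradicts `verify_client = ON` in the code below it.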
@@ -0,0 +1,307 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + "Socket BIO" + "client certificate verification" + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality + * with the client certificate verification (using Socket BIO). + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, + * and it requests & verifies the certificate of the SSL client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main () +{ + int err; + int verify_client = ON; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *client_cert = 
NULL; + BIO *sbio = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, 
"bind"); + + /* Wait for an incoming TCP connection. */ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + close (listen_sock); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + if(1){ /* Use a socket BIO between the socket and SSL structure */ + /* Create a socket BIO */ + sbio = BIO_new_socket(sock, BIO_NOCLOSE); + + /* Assign the socket BIO to the SSL structure*/ + SSL_set_bio(ssl, sbio, sbio); + + } + else{ + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + } + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - Receive message and send reply. 
---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$simple_cli.c b/demos/vms_examples/ssl$simple_cli.c new file mode 100644 index 000000000..78cd92b5b --- /dev/null +++ b/demos/vms_examples/ssl$simple_cli.c 
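Review bot: `RETURN_SSL` tests `(err)==-1`, but `SSL_accept`, `SSL_read` and `SSL_write` report a controlled failure or a peer close by returning 0, so a handshake that ends with `SSL_accept` returning 0 falls through to `SSL_get_cipher`, `SSL_get_peer_certificate` and the data exchange instead of exiting. Check those calls with `if (err <= 0) { ERR_print_errors_fp(stderr); exit(1); }` (or change the macro to `(err)<=0`), keeping the `== -1` form only for `SSL_shutdown`, whose 0 return means the bidirectional shutdown is not yet complete rather than an error. The same macro and call pattern appear in ssl$serv_sess_reuse_cli_ver.c, ssl$simple_cli.c and ssl$simple_serv.c in this commit. `close (listen_sock)` after `accept` is also the one close whose result is not passed through `RETURN_ERR`.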
@@ -0,0 +1,290 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Client + * + * ABSTRACT: + * + * This is an example of an SSL client with minimum functionality. + * The socket APIs are used to handle TCP/IP operations. + * + * This SSL client verifies the server's certificate against the CA + * certificate loaded in the client. + * + * This SSL client does not load its own certificate and key because + * the SSL server does not request nor verify the client certificate. + * + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. 
+ * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server on this system + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RETURN_NULL(x) if ((x)==NULL) exit (1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +static int verify_callback(int ok, X509_STORE_CTX *ctx); + +#define RSA_CLIENT_CERT "client.crt" +#define RSA_CLIENT_KEY "client.key" + +#define RSA_CLIENT_CA_CERT "client_ca.crt" +#define RSA_CLIENT_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +void main() +{ + int err; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int sock; + struct sockaddr_in server_addr; + char *str; + char buf [4096]; + char hello[80]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 
*server_cert; + + EVP_PKEY *pkey; + + short int s_port = 5555; + const char *s_ipaddr = "127.0.0.1"; + + /*----------------------------------------------------------*/ + printf ("Message to be sent to the SSL server: "); + fgets (hello, 80, stdin); + + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + SSL_load_error_strings(); + + /* Create an SSL_METHOD structure (choose an SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create an SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + RETURN_NULL(ctx); + + /*-------------------------------------------------------------------------*/ + if(verify_client == ON) + { + /* Load the client certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the client certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the client certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + } + + /* Load the RSA CA certificate into the SSL_CTX structure */ + /* This will allow this client to verify the server's */ + /* certificate. 
*/ + if (!SSL_CTX_load_verify_locations(ctx, RSA_CLIENT_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set flag in context to require peer (server) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + SSL_CTX_set_verify_depth(ctx,1); + + /* ----------------------------------------------------------------- */ + /* Set up a TCP socket */ + + sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(sock, "socket"); + + memset (&server_addr, '\0', sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_port = htons(s_port); /* Server Port number */ + server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */ + + /* Establish a TCP/IP connection to the SSL client */ + err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)); + RETURN_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* An SSL structure is created */ + ssl = SSL_new (ctx); + RETURN_NULL(ssl); + + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + + /* Perform SSL Handshake on the SSL client */ + err = SSL_connect(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + + /* Get the server's certificate (optional) */ + server_cert = SSL_get_peer_certificate (ssl); + + if (server_cert != NULL) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free(str); + + X509_free (server_cert); + } + else + printf("The SSL server does not have certificate.\n"); + + + /*--------------- DATA EXCHANGE - send message and receive reply. 
---------------*/ + + /* Send data to the SSL server */ + err = SSL_write(ssl, hello, strlen(hello)); + RETURN_SSL(err); + + /* Receive data from the SSL server */ + err = SSL_read(ssl, buf, sizeof(buf)-1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /*--------------- SSL closure ---------------*/ + /* Shutdown the client side of the SSL connection */ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/demos/vms_examples/ssl$simple_serv.c b/demos/vms_examples/ssl$simple_serv.c new file mode 100644 index 000000000..178cc2be2 --- /dev/null +++ b/demos/vms_examples/ssl$simple_serv.c 
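Review bot: `fgets (hello, 80, stdin)` at the top of `main` is unchecked; on EOF or a read error `hello` stays uninitialized and `SSL_write(ssl, hello, strlen(hello))` then reads indeterminate stack bytes. Guard it with `if (fgets(hello, sizeof(hello), stdin) == NULL) hello[0] = '\0';`. Note also that the client only checks the server's chain against `RSA_CLIENT_CA_CERT` and never compares the presented certificate's subject with the intended peer (`s_ipaddr`), so any certificate issued by that CA is accepted as this server; for an example whose ABSTRACT promises server verification, either a subject check after `SSL_get_peer_certificate` or a comment stating this limitation would help. `verify_callback` is declared `static` but never defined or used in this file, which compilers flag as a warning.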
@@ -0,0 +1,299 @@ +/* + * ++ + * FACILITY: + * + * Simplest SSL Server + * + * ABSTRACT: + * + * This is an example of a SSL server with minimum functionality. + * The socket APIs are used to handle TCP/IP operations. This SSL + * server loads its own certificate and key, but it does not verify + * the certificate of the SSL client. + * + * ENVIRONMENT: + * + * OpenVMS Alpha V7.2-2 or higher + * TCP/IP Services V5.0A or higher + * + * AUTHOR: + * + * Taka Shinagawa, OpenVMS Security Group + * + * CREATION DATE: + * + * 1-Jan-2002 + * + * -- + */ + + +/* Assumptions, Build, Configuration, and Execution Instructions */ + +/* + * ASSUMPTIONS: + * + * The following are assumed to be true for the + * execution of this program to succeed: + * + * - SSL is installed and started on this system. + * + * - this server program, and its accompanying client + * program are run on the same system, but in different + * processes. + * + * - the certificate and keys referenced by this program + * reside in the same directory as this program. There + * is a command procedure, SSL$EXAMPLES_SETUP.COM, to + * help set up the certificates and keys. + * + * + * BUILD INSTRUCTIONS: + * + * To build this example program use commands of the form, + * + * For a 32-bit application using only SSL APIs needs to run the following commands for SSL_APP.C . + * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=32/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR32.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR32.EXE/SHARE + * ------------------------------------------------- + * + * Creating a 64-bit application of SSL_APP.C should run the following commands. 
+ * ----------------------------------------------------------------- + * $CC/POINTER_SIZE=64/PREFIX_LIBRARY_ENTRIES=ALL_ENTRIES SSL_APP.C + * $LINK SSL_APP.OBJ, VMS_DECC_OPTIONS.OPT/OPT + * ----------------------------------------------------------------- + * VMS_DECC_OPTIONS.OPT should include the following lines. + * ------------------------------------------------- + * SYS$LIBRARY:OPENSSL$LIBCRYPTO_SHR.EXE/SHARE + * SYS$LIBRARY:OPENSSL$LIBSSL_SHR.EXE/SHARE + * ------------------------------------------------- + * + * + * CONFIGURATION INSTRUCTIONS: + * + * + * RUN INSTRUCTIONS: + * + * To run this example program: + * + * 1) Start the server program, + * + * $ run server + * + * 2) Start the client program on this same system, + * + * $ run client + * + */ + + +#include +#include +#include +#include +#include +#include + +#ifdef __VMS +#include +#include +#include +#include +#else +#include +#include +#include +#include +#endif + +#include +#include +#include + +#define RSA_SERVER_CERT "server.crt" +#define RSA_SERVER_KEY "server.key" + +#define RSA_SERVER_CA_CERT "server_ca.crt" +#define RSA_SERVER_CA_PATH "sys$common:[syshlp.examples.ssl]" + +#define ON 1 +#define OFF 0 + +#define RETURN_NULL(x) if ((x)==NULL) exit(1) +#define RETURN_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define RETURN_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(1); } + +void main() +{ + int err; + int verify_client = OFF; /* To verify a client certificate, set ON */ + + int listen_sock; + int sock; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + size_t client_len; + char *str; + char buf[4096]; + + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *meth; + X509 *client_cert = NULL; + + short int s_port = 5555; + + /*-----------------------------------------------------------------------------------------*/ + /* Load encryption & hashing algorithms for the SSL program */ + SSL_library_init(); + + /* Load the error strings for SSL & CRYPTO APIs */ + 
SSL_load_error_strings(); + + /* Create a SSL_METHOD structure (choose a SSL/TLS protocol version) */ + meth = SSLv3_method(); + + /* Create a SSL_CTX structure */ + ctx = SSL_CTX_new(meth); + if (!ctx) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the server certificate into the SSL_CTX structure */ + if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(ctx)) { + fprintf(stderr,"Private key does not match the certificate public key\n"); + exit(1); + } + + if(verify_client == ON) + { + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(ctx, RSA_SERVER_CA_CERT, NULL)) { + ERR_print_errors_fp(stderr); + exit(1); + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(ctx,1); + } + + /* ----------------------------------------------- */ + /* Set up a TCP socket */ + + listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + RETURN_ERR(listen_sock, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (s_port); /* Server Port number */ + + err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv)); + RETURN_ERR(err, "bind"); + + /* Wait for an incoming TCP connection. 
*/ + err = listen(listen_sock, 5); + RETURN_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + + /* Socket for a TCP/IP connection is created */ + sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len); + RETURN_ERR(sock, "accept"); + close (listen_sock); + + printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. */ + + /* A SSL structure is created */ + ssl = SSL_new(ctx); + RETURN_NULL(ssl); + + /* Assign the socket into the SSL structure (SSL and socket without BIO) */ + SSL_set_fd(ssl, sock); + + /* Perform SSL Handshake on the SSL server */ + err = SSL_accept(ssl); + RETURN_SSL(err); + + /* Informational output (optional) */ + printf("SSL connection using %s\n", SSL_get_cipher (ssl)); + + if (verify_client == ON) + { + /* Get the client's certificate (optional) */ + client_cert = SSL_get_peer_certificate(ssl); + + if (client_cert != NULL) + { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t subject: %s\n", str); + free (str); + + str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); + RETURN_NULL(str); + printf ("\t issuer: %s\n", str); + free (str); + + X509_free(client_cert); + } + else + printf("The SSL client does not have certificate.\n"); + } + + + /*--------------- DATA EXCHANGE - Receive message and send reply. ---------------*/ + + /* Receive data from the SSL client */ + err = SSL_read(ssl, buf, sizeof(buf) - 1); + RETURN_SSL(err); + buf[err] = '\0'; + printf ("Received %d chars:'%s'\n", err, buf); + + /* Send data to the SSL client */ + err = SSL_write(ssl, "This message is from the SSL server", strlen("This message is from the SSL server")); + RETURN_SSL(err); + + /*--------------- SSL closure ---------------*/ + /* Shutdown this side (server) of the connection. 
*/ + err = SSL_shutdown(ssl); + RETURN_SSL(err); + + /* Terminate communication on a socket */ + err = close(sock); + RETURN_ERR(err, "close"); + + /* Free the SSL structure */ + SSL_free(ssl); + + /* Free the SSL_CTX structure */ + SSL_CTX_free(ctx); +} + diff --git a/install.com b/install.com index 86fae7e87..4da897767 100644 --- a/install.com +++ b/install.com @@ -5,6 +5,9 @@ $! Time of creation: 22-MAY-1998 10:13 $! $! P1 root of the directory tree $! +$! +$ CURR_DIR = F$ENVIRONMENT("DEFAULT") +$! $ IF P1 .EQS. "" $ THEN $ WRITE SYS$OUTPUT "First argument missing." @@ -20,6 +23,9 @@ $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - - ".][000000" - "[000000." - "][" - "[" - "]" $ ROOT = ROOT_DEV + "[" + ROOT_DIR +$! +$ KIT_DIR = "''ROOT'" + "]" +$ KIT_AREA = "''ROOT'" + "...]" $ $ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC $ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] @@ -29,6 +35,7 @@ $ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] $ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE] $ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE] $ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS] +$ DEFINE/NOLOG WRK_SSLCOM WRK_SSLROOT:[COM] $ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - 
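Review bot: `meth = SSLv3_method();` pins every connection to SSL 3.0, so this demo can never negotiate a TLS version even when both sides support one; `SSLv23_method()` together with `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2)` lets the peers choose the highest version they share. The other demos in this commit (ssl$serv_sess_reuse_cli_ver.c, ssl$serv_verify_client.c and ssl$simple_cli.c) make the same call. `client_len` is declared `size_t` but passed as the `socklen_t *` argument of `accept`; the two types need not have the same width on the non-`__VMS` platforms the `#else` branch targets, so it should be `socklen_t client_len;`. `close (listen_sock)` is the only close in the file whose return is not passed through `RETURN_ERR`.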
@@ -47,17 +54,28 @@ $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLINCLUDE: $ IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLCERTS: +$ IF F$PARSE("WRK_SSLCOM:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLCOM: $ IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLPRIVATE: $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[VMS] $ -$ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS +$ SDIRS := CRYPTO,DEMOS,SSL,APPS,VMS,TEST!,TOOLS $ EXHEADER := e_os2.h $ $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER' $ +$ COPY SSL$PCSI.COM WRK_SSLCOM: /LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLCOM:SSL$PCSI.COM +$! +$! Copy SET_ACLS.COM so that access to the kit area has +$! the appropriate protections as well. +$! +$ COPY SET_ACLS.COM WRK_SSLROOT:[000000]*.* /LOG +$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[000000]SET_ACLS.COM +$! $ I = 0 $ LOOP_SDIRS: $ D = F$ELEMENT(I, ",", SDIRS) 
@@ -69,7 +87,29 @@ $ @INSTALL 'ROOT'] $ SET DEFAULT [-] $ GOTO LOOP_SDIRS $ LOOP_SDIRS_END: -$ +$! +$ OPEN/WRITE KIT_FILE CREATE_PCSI_KIT.COM +$! +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE "$! CREATE_PCSI_KIT.COM - This command procedure creates the actual .PCSI kit." +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE "$! Do not edit this file." +$ WRITE KIT_FILE "$! This file is created by INSTALL.COM, and any changes to this file should" +$ WRITE KIT_FILE "$! be made in INSTALL.COM." +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE " $ product package ssl /destination = ''KIT_DIR' - " +$ WRITE KIT_FILE " /format = sequential - " +$ WRITE KIT_FILE " /log - " +$ WRITE KIT_FILE " /material = ''KIT_AREA' - " +$ WRITE KIT_FILE " /source = ''CURR_DIR'CPQ-AXPVMS-SSL-T0100--1.PCSI$DESC " +$ WRITE KIT_FILE "$!" +$ WRITE KIT_FILE "$ kit_file = f$search(""''KIT_DIR'*.PCSI"") " +$ WRITE KIT_FILE "$ spool compress/method=dcx_axpexe ''KIT_DIR'''KIT_FILE' ''KIT_DIR'" +$! +$ CLOSE KIT_FILE +$! $ DEASSIGN WRK_SSLROOT $ DEASSIGN WRK_SSLVLIB $ DEASSIGN WRK_SSLALIB @@ -78,8 +118,20 @@ $ DEASSIGN WRK_SSLINCLUDE $ DEASSIGN WRK_SSLVEXE $ DEASSIGN WRK_SSLAEXE $ DEASSIGN WRK_SSLCERTS +$ DEASSIGN WRK_SSLCOM $ DEASSIGN WRK_SSLPRIVATE -$ +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " Now, to include the 32-bit images and libraries, copy the following" +$ WRITE SYS$OUTPUT " from a 32-bit build tree:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " COPY [.AXP.EXE.CRYPTO]LIBCRYPTO32.OLB ''root'.ALPHA_LIB]" +$ WRITE SYS$OUTPUT " COPY [.AXP.EXE.SSL]LIBSSL32.OLB ''root'.ALPHA_LIB]" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " COPY [.AXP.EXE.CRYPTO]SSL$LIBCRYPTO_SHR32.EXE ''root'.ALPHA_EXE]" +$ WRITE SYS$OUTPUT " COPY [.AXP.EXE.SSL]SSL$LIBSSL_SHR32.EXE ''root'.ALPHA_EXE]" +$ WRITE SYS$OUTPUT "" +$! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Installation done!" $ WRITE SYS$OUTPUT "" diff --git a/makevms.com b/makevms.com index 207b31196..51f2d196f 100755 --- a/makevms.com 
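Review bot: The generated `spool compress` line in the `@@ -69,7 +87,29 @@` hunk substitutes `''KIT_FILE'` while INSTALL.COM itself is running, where KIT_FILE is the channel opened by `OPEN/WRITE` rather than a symbol, so as far as I can tell the kit path found by `f$search` on the previous generated line never reaches the command. Since `f$search` already returns a full file specification, `$ WRITE KIT_FILE "$ spool compress/method=dcx_axpexe 'kit_file' ''KIT_DIR'"` defers the substitution to CREATE_PCSI_KIT.COM, where `kit_file` is assigned. The descriptor name `CPQ-AXPVMS-SSL-T0100--1.PCSI$DESC` is also hard-coded here although makevms.com in this same commit derives the version from OPENSSLV.H; taking it from the same source would keep the two from drifting.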
+++ b/makevms.com
@@ -1,3 +1,14 @@
+$ set verify
+$ set process/priv=all
+$!
+$ arch_name = f$getsyi("arch_name")
+$ node_name = f$getsyi("nodename")
+$ version = f$getsyi("version")
+$ cpu = f$getsyi("cpu")
+$!
+$ write sys$output " "
+$ write sys$output " ", node_name, " is running ", version, " on a ", arch_name, "(CPU=", cpu, ")"
+$ write sys$output " "
 $!
 $! MAKEVMS.COM
 $! Original Author: UNKNOWN
@@ -65,6 +76,9 @@ $!
 $! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
 $!
+$!
+$ EXIT_STATUS = 1
+$!
 $! Check if we're in a batch job, and make sure we get to
 $! the directory this script is in
 $!
@@ -75,6 +89,13 @@ $ COMPATH=F$PARSE("A.;",COMNAME) - "A.;"
 $ SET DEF 'COMPATH'
 $ ENDIF
 $!
+$!
+$! Define USER_CCFLAGS
+$!
+$ @vms_build_info.com
+$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS
+$!
+$!
 $! Check Which Architecture We Are Using.
 $!
 $ IF (F$GETSYI("CPU").GE.128)
@@ -100,6 +121,15 @@ $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
 $!
+$!
+$! Determine the version number.
+$!
+$ GOSUB read_version_info
+$!
+$! Create the Ident options file.
+$!
+$ GOSUB CREATE_OPT_FILE
+$!
 $! Check To See What We Are To Do.
 $!
 $ IF (BUILDCOMMAND.EQS."ALL")
@@ -156,6 +186,14 @@ $! Build The [.xxx.EXE.APPS] OpenSSL Application Utilities.
 $!
 $ GOSUB APPS
 $!
+$! Build The [.VMS.CERT_TOOL] OpenSSL Certificate Utility.
+$!
+$ GOSUB CERT_UTIL
+$!
+$! Build the shareable images - LIBSSL & LIBCRYPTO.
+$!
+$ @mkshared
+$!
 $! Else...
 $!
 $ ELSE
@@ -168,7 +206,7 @@ $ ENDIF
 $!
 $! Time To EXIT.
 $!
-$ EXIT
+$ GOTO CLEAN_UP_PATH
 $!
 $! Rebuild The "[.CRYPTO]OPENSSLCONF.H" file.
 $!
@@ -255,7 +293,8 @@ $ THEN
 $ TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
 $ ELSE
 $ WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN. Exiting!"
-$ EXIT 0
+$ EXIT_STATUS = 0
+$ GOTO ERROR_PATH
 $ ENDIF
 $ ENDIF
 $ ENDIF
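Review bot: `$ set process/priv=all` at the top of the `@@ -1,3 +1,14 @@` hunk runs the entire compile-and-link procedure with every privilege the account is authorized for, and nothing in the visible hunks of makevms.com needs more than ordinary file access; a mistake in the procedure or a tampered source file then acts with those privileges. If one step needs a privilege (the `@set_acls` call at the end of the procedure is the only candidate I can see), enable it around that step and drop it again with `set process/priv=noall`, or leave privilege handling to the submitting account. `$ set verify` on the line before is likewise unconditional and echoes every command into the batch log; if it is a debugging aid, make it depend on a parameter rather than running for every build.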
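Review bot: `EXIT_STATUS`, introduced in the `@@ -65,6 +76,9 @@` hunk and set to 0 in the `@@ -255,7 +293,8 @@` hunk before `GOTO ERROR_PATH`, is never consumed: the `ERROR_PATH:`/`CLEAN_UP_PATH:`/`EXIT_PATH:` tail added in the `@@ -1129,3 +1213,98 @@` hunk ends with the `MAIL` command and no `EXIT`, so the procedure's completion status is whatever the last command returned and a build that could not find OPENSSLCONF.H_IN looks successful to the batch queue and to anything that checks `$STATUS`. Ending the procedure with `$ EXIT 'EXIT_STATUS'` restores the failure signal the removed `$ EXIT 0` gave. The same applies to the option-error paths that were changed from `$ EXIT` to `$ GOTO CLEAN_UP_PATH` in the later hunks: they should set `EXIT_STATUS = 0` before jumping.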
@@ -359,7 +398,7 @@ $ TIME = F$TIME() $! $! Write The [.CRYPTO]BUILDINF.H File. $! -$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" +$ WRITE H_FILE "#define CFLAGS ""''USER_CCFLAGS'"" /* Not filled in for now, but I'll take a crack at it. KSG */" $ WRITE H_FILE "#define PLATFORM ""VMS""" $ WRITE H_FILE "#define DATE ""''TIME'"" " $! @@ -377,7 +416,7 @@ $ SOFTLINKS: $! $! Tell The User We Are Partly Rebuilding The [.TEST] Directory. $! -$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files." +$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C & MD5.C' And '[.APPS]RMD160.C' Files." $! $ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;* $! @@ -737,7 +776,7 @@ $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! -$ EXIT +$ GOTO CLEAN_UP_PATH $! $! End The Valid Argument Check. $! @@ -785,7 +824,7 @@ $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! -$ EXIT +$ GOTO CLEAN_UP_PATH $! $! End The Valid Arguemnt Check. $! @@ -832,7 +871,7 @@ $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! -$ EXIT +$ GOTO CLEAN_UP_PATH $! $! End The Valid Arguement Check. $! @@ -989,7 +1028,7 @@ $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! -$ EXIT +$ GOTO CLEAN_UP_PATH $! $! End The Valid Arguement Check. $! @@ -1001,7 +1040,7 @@ $ ENDIF $! $! Time to check the contents of P5, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" +$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen 
@@ -1055,6 +1094,40 @@ $! Done with UCX
 $!
 $ ENDIF
 $!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P5.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using TCPIP (post UCX) for TCP/IP"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P5.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "A specific TCPIP library will not be used."
+$!
+$! Done with NONE.
+$!
+$ ENDIF
+$!
 $! Set the TCPIP_TYPE symbol
 $!
 $ TCPIP_TYPE = P5
@@ -1076,13 +1149,24 @@ $ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:"
 $ WRITE SYS$OUTPUT ""
 $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
 $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP TCP/IP (post UCX) library."
+$ WRITE SYS$OUTPUT " NONE : To not link with a specific TCP/IP library."
 $ WRITE SYS$OUTPUT ""
 $!
 $! Time To EXIT.
 $!
-$ EXIT
+$ GOTO CLEAN_UP_PATH
 $ ELSE
 $!
+$! If TCPIP is not defined, then hardcode it to make
+$! it clear that no TCPIP is desired.
+$!
+$ IF P5 .EQS. ""
+$ THEN
+$ TCPIP_LIB = ""
+$ TCPIP_TYPE = "NONE"
+$ ENDIF
+$!
 $! Set the TCPIP_TYPE symbol
 $!
 $ TCPIP_TYPE = P5
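Review bot: The `TCPIP_TYPE = "NONE"` assigned inside the new `IF P5 .EQS. ""` block in the `@@ -1076,13 +1149,24 @@` hunk is overwritten two lines later by the pre-existing `$ TCPIP_TYPE = P5`, which stores the empty string again, so the "hardcode" the comment describes only takes effect for `TCPIP_LIB`. Either move that assignment below the existing line or make the existing line conditional, `$ IF P5 .NES. "" THEN TCPIP_TYPE = P5`. Anything downstream that compares `TCPIP_TYPE` against `"NONE"` will otherwise see `""` for a build submitted without a P5.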
@@ -1129,3 +1213,98 @@ $! $! Time To RETURN... $! $ RETURN +$! +$! Build The OpenVMS Certicate Utility images. +$! +$ CERT_UTIL: +$! +$! Tell The User What We Are Doing. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "Building OpenSSL Certificate Utility Applications." +$! +$! Go To The [.VMS.CERT_TOOL] Directory. +$! +$! +$ SET DEFAULT SYS$DISK:[.VMS.CERT_TOOL] +$! +$! Build The Application Programs. +$! +$ CC HOSTADDR/PREFIX_LIBRARY_ENTRIES=(ALL_ENTRIES) +$ LINK /EXE=SSL$HOSTADDR.EXE HOSTADDR, SYS$DISK:[--]SSL_IDENT/OPT +$! +$ CC HOSTNAME/PREFIX_LIBRARY_ENTRIES=(ALL_ENTRIES) +$ LINK /EXE=SSL$HOSTNAME.EXE HOSTNAME, SYS$DISK:[--]SSL_IDENT/OPT +$! +$! Go Back To The Main Directory. +$! +$ SET DEFAULT [--] +$! +$! That's All, Time To RETURN. +$! +$ RETURN +$! +$! +$! Create the identification options file. +$! This options file is used to identify the +$! images with the appropriate version numbers, +$! build ident, and symbol matching. +$! +$ CREATE_OPT_FILE: +$ open/write opt_ident ssl_ident.opt +$ write opt_ident "identification=""OpenSSL ",libverstr,""" +$ write opt_ident "build_ident=""",build_ident,"_",build_platform,"_",build_bits,""" " +$ write opt_ident "GSMATCH=",libvmatch,",",libver +$ close opt_ident +$ RETURN +$! +$! +$! The version number reader +$! +$read_version_info: +$ libver = "" +$ open/read vf [.CRYPTO]OPENSSLV.H +$ loop_rvi: +$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line +$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then - + goto loop_rvi +$ libverstr = f$element(1,"""",rvi_line) +$ libvmajor = f$element(0,".",libverstr) +$ libvminor = f$element(1,".",libverstr) +$ libvedit = f$element(2,".",libverstr) +$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@") +$ libvedit = f$extract(0,1,libvedit) +$ libver = f$string(f$int(libvmajor)*100)+","+- + f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch)) +$ if libvmajor .eqs. "0" +$ then +$ libvmatch = "EQUAL" +$ else +$ ! 
Starting with the 1.0 release, backward compatibility should be +$ ! kept, so switch over to the following +$ libvmatch = "LEQUAL" +$ endif +$ endloop_rvi: +$ close vf +$ return +$! +$! +$ ERROR_PATH: +$! +$! +$! +$ CLEAN_UP_PATH: +$! +$ DEASSIGN/JOB OPENSSL_NO_IDEA +$ DEASSIGN/JOB OPENSSL_NO_RC5 +$! +$! Make sure that everyone can access the files. +$! +$ @set_acls +$! +$! +$ EXIT_PATH: +$! +$ BUILD_IDENT = f$extract(f$locate(".BUILD",f$environment("default"))+1,10,f$environment("default")) +$ MAIL nl: /SUB="OPENSSL ''build_ident' is done." smtp%"greaney@star.zko.dec.com",smtp%"Takaaki.Shinagawa@compaq.com" +$! diff --git a/ssl$pcsi.com b/ssl$pcsi.com new file mode 100644 index 000000000..0d86274fe --- /dev/null +++ b/ssl$pcsi.com 
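Review bot: The `MAIL` command at `EXIT_PATH:` in the `@@ -1129,3 +1213,98 @@` hunk hard-codes two personal SMTP addresses, so every build on any site that runs this procedure notifies those two people and the recipient list cannot change without editing the sources. Reading the list from a symbol that vms_build_info.com can set, and skipping the mail when it is absent — `$ IF F$TYPE(BUILD_NOTIFY) .NES. "" THEN MAIL nl: /SUB="OPENSSL ''build_ident' is done." 'BUILD_NOTIFY'` (BUILD_NOTIFY is a constructed name) — keeps site data out of the tree. Note also that the `BUILD_IDENT = f$extract(...)` line above it creates a local symbol shadowing the global `BUILD_IDENT` that vms_build_info.com defines; if the subject line is meant to use the configured ident, the local reassignment can simply be dropped.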
@@ -0,0 +1,70 @@ +$! +$! SSL$PCSI.COM - This file is executed during the PCSI +$! installation. It's main task is to +$! translate the PCSI$DESTINATION logical +$! and use the equivalence value as the +$! value for SSL$ROOT. +$! +$! P1 = "INSTALL" or "REMOVE", depending whether this procedure +$! is being called during a PRODUCT INSTALL/REMOVE. +$! +$ if p1 .eqs. "INSTALL" +$ then +$ ! Give the person doing the installation a clue where the +$ ! SSL files has been placed. He or she will need +$ ! to know this in order to configure the new installation and +$ ! for editing SYS$MANAGER:SYSTARTUP_VMS.COM +$ +$ ! Rely upon PCSI to set PCSI$DESTINATION up with choice of +$ ! [] or <> in use on this site and to have translated the device NO_CONCEAL. +$ +$ raw_dest = f$trnlnm("PCSI$DESTINATION") +$ raw_dev = f$parse("''raw_dest'",,, "DEVICE", "NO_CONCEAL") +$ raw_dev = f$edit("''raw_dev'", "UPCASE") +$ raw_dir = f$parse("''raw_dest'",,, "DIRECTORY", "NO_CONCEAL") +$ raw_dir = f$edit("''raw_dir'", "UPCASE") +$ +$ sys_common = f$trnlnm("SYS$COMMON") +$ sys_common_dev = f$parse("''sys_common'",,, "DEVICE", "NO_CONCEAL") +$ sys_common_dir = f$parse("''sys_common'",,, "DIRECTORY", "NO_CONCEAL") +$ +$ if "''raw_dir'" .eqs. "''sys_common_dir'" - + .and. "''raw_dev'" .eqs. "''sys_common_dev'" +$ then +$ equiv = sys_common - "]" + "SSL.]" +$ else +$ len = f$length("''raw_dest'") +$ end_ch = f$extract(len - 1, 1, "''raw_dest'") +$ dest_prefix = "''raw_dest'" - "''end_ch'" +$ dest_prefix = "''dest_prefix'" - "000000." +$ +$ equiv = "''dest_prefix'SSL.''end_ch'" +$ endif +$! +$ open/write root_file sys$startup:ssl$define_root.com +$ write root_file "$!" +$ write root_file "$! Do not edit this file." +$ write root_file "$! This file is created by SSL$PCSI.COM. SSL$PCSI.COM should" +$ write root_file "$! be changed to have modifications to this file take effect." +$ write root_file "$!" 
+$ write root_file "$ DEFINE/SYSTEM/EXECUTIVE_MODE/TRANSLATION=CONCEALED SSL$ROOT ''equiv'" +$ write root_file "$!" +$ close root_file +$! +$ endif +$! +$ if p1 .eqs. "REMOVE" +$ then +$ if f$trnlnm("SSL$ROOT") .nes. "" +$ then +$ deassign/system/executive_mode ssl$root +$ endif +$! +$ if f$search("sys$startup:ssl$define_root.com") .nes. "" +$ then +$ delete sys$startup:ssl$define_root.com;* +$ endif +$! +$ endif +$! +$ exit diff --git a/ssl/install.com b/ssl/install.com index 7fc008f91..cc58b17ee 100644 --- a/ssl/install.com +++ b/ssl/install.com @@ -11,7 +11,11 @@ $ WRITE SYS$OUTPUT "First argument missing." $ WRITE SYS$OUTPUT "Should be the directory where you want things installed." $ EXIT $ ENDIF -$ +$! +$! Define some VMS specific symbols. +$! +$ @[-]vms_build_info +$! $ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - @@ -39,8 +43,13 @@ $ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLAEXE: $ $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h -$ E_EXE := ssl_task -$ LIBS := LIBSSL +$ if build_bits .eqs. "32" +$ then +$ E_EXE := ssl_task,ssl$libssl_shr'build_bits' +$ else +$ E_EXE := ssl_task,ssl$libssl_shr +$ endif +$ LIBS := LIBSSL'build_bits' $ $ VEXE_DIR := [-.VAX.EXE.SSL] $ AEXE_DIR := [-.AXP.EXE.SSL] 
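Review bot: `sys$startup:ssl$define_root.com`, created with `open/write` in the INSTALL branch, is left with whatever default file protection the installing process has, yet it is later executed at system startup to define `SSL$ROOT` in executive mode; unlike the other files this commit installs (which get `SET FILE/PROT=WORLD:RE`), nothing pins its protection. Adding `$ set file/prot=(s:rwed,o:rwed,g:re,w:re) sys$startup:ssl$define_root.com` after `close root_file` makes sure only privileged users can change what the system logical points at. Separately, DCL string subtraction removes the first occurrence of its operand, so `"''raw_dest'" - "''end_ch'"` strips the trailing bracket only when that character occurs once in the destination; `f$extract(0, len - 1, raw_dest)` expresses the intent unambiguously.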
@@ -79,23 +88,11 @@ $ THEN $ COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log $ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB $ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE -$ ENDIF $ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. "" $ THEN $ COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log $ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB $ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE -$ ENDIF $ SET ON $ GOTO LOOP_LIB $ LOOP_LIB_END: diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 313ff2565..fb5ae2094 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -49,11 +49,17 @@ $! P5, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX +$! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! +$! Define USER_CCFLAGS +$! +$ @[-]vms_build_info.com +$ WRITE SYS$OUTPUT " Using USER_CCFLAGS = ", USER_CCFLAGS +$! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) $! @@ -109,9 +115,27 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! +$! Define The LIS Directory. +$! +$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.SSL] +$! +$! Check To See If The Architecture Specific LIS Directory Exists. +$! +$ IF (F$PARSE(LIS_DIR).EQS."") +$ THEN +$! +$! It Dosen't Exist, So Create It. +$! +$ CREATE/DIR 'LIS_DIR' +$! +$! End The Architecture Specific LIS Directory Check. +$! +$ ENDIF +$! $! Define The EXE Directory. $! $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL] +$ CRYPTO_EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] $! $! Check To See If The Architecture Specific Directory Exists. $! 
@@ -128,15 +152,15 @@ $ ENDIF $! $! Define The Library Name. $! -$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB +$ SSL_LIB := 'EXE_DIR'LIBSSL'build_bits'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'build_bits'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB +$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'build_bits'.OLB $! $! Check To See What We Are To Do. $! @@ -222,6 +246,10 @@ $! Create The Source File Name. $! $ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" $! +$! Create The Listing File Name. +$! +$ LIST_FILE = LIS_DIR + FILE_NAME + ".LIS" +$! $! Create The Object File Name. $! $ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" @@ -235,7 +263,7 @@ $! $! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File ",SOURCE_FILE," Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. @@ -253,7 +281,7 @@ $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $! $! Add It To The Library. $! @@ -296,7 +324,7 @@ $! $! Tell The User That The File Dosen't Exist. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist." +$ WRITE SYS$OUTPUT F$MESSAGE("%X10018290") + ". The File SSL_TASK.C Dosen't Exist." $ WRITE SYS$OUTPUT "" $! $! Exit The Build. 
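Review bot: `F$MESSAGE("%X10018290")` in the `@@ -235,7 +263,7 @@` hunk (and again in the `@@ -296,7 +324,7 @@` hunk) embeds a raw status code with nothing saying which message it is meant to print, so a reader cannot tell whether the text that appears is the intended one or check it against the facility's message file. Define it once near the top of the procedure with a descriptive name and a comment naming the message it resolves to, `$ MISSING_FILE_STATUS = "%X10018290"`, and use `F$MESSAGE(MISSING_FILE_STATUS)` in both places.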
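Review bot: The `CC` line in the `@@ -253,7 +281,7 @@` hunk now requests `/LIST='LIST_FILE'/MACHINE_CODE` for every source file on every build, which is a debugging aid rather than a build product and fills the LIS directory unconditionally. vms_build_info.com already defines `BUILD_DEBUG`, so the listing can follow it: `$ LIST_QUAL = ""`, `$ IF BUILD_DEBUG .EQS. "Yes" THEN LIST_QUAL = "/LIST=''LIST_FILE'/MACHINE_CODE"`, and `$ CC/OBJECT='OBJECT_FILE''LIST_QUAL' 'SOURCE_FILE'`. The `/NOLIST` removals in the later compiler-setup hunks would then still be needed for the debug case.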
@@ -325,12 +353,31 @@ $! $ IF (TCPIP_LIB.NES."") $ THEN $! -$! Link With The RSAREF Library And A Specific TCP/IP Library. +$! Link With The RSAREF Library And A Specific TCP/IP Library... $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY, - + 'RSAREF_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! +$! +$! Create the CRYPTO Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='CRYPTO_EXE_DIR'LIBCRYPTO.EXE - +$!!! /MAP='LIS_DIR'LIBCRYPTO.MAP /FULL/CROSS - +$!!! 'CRYPTO_LIB'/LIBRARY, - +$!!! 'CRYPTO_EXE_DIR'LIBCRYPTO.OPT/OPTION +$! +$! +$! Create the SSL Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='EXE_DIR'LIBSSL.EXE - +$!!! /MAP='LIS_DIR'LIBSSL.MAP /FULL/CROSS - +$!!! 'RSAREF_LIB'/LIBRARY, - +$!!! 'EXE_DIR'LIBSSL.OPT/OPTION +$! !!!!!!!! 'TCPIP_LIB','OPT_SHARE_FILE'/OPTION $! $! Else... $! @@ -339,10 +386,26 @@ $! $! Link With The RSAREF Library And NO TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - 'OBJ_DIR'SSL_TASK.OBJ, - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! +$! +$! Create the CRYPTO Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='CRYPTO_EXE_DIR'LIBCRYPTO.EXE - +$!!! /MAP='LIS_DIR'LIBCRYPTO.MAP /FULL/CROSS - +$!!! 'CRYPTO_LIB'/LIBRARY, - +$!!! 'CRYPTO_EXE_DIR'LIBCRYPTO.OPT/OPTION +$! +$! +$! Create the SSL Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='EXE_DIR'LIBSSL.EXE - +$!!! /MAP='LIS_DIR'LIBSSL.MAP /FULL/CROSS - +$!!! 'RSAREF_LIB'/LIBRARY, - +$!!! 'EXE_DIR'LIBSSL.OPT/OPTION +$! !!!!!!!! 'TCPIP_LIB','OPT_SHARE_FILE'/OPTION $! End The TCP/IP Library Check. $! $ ENDIF 
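Review bot: The commented-out `LINK/SHARE` blocks for LIBCRYPTO and LIBSSL that follow the SSL_TASK link in the `@@ -325,12 +353,31 @@` hunk are pasted, with small differences, into the `@@ -339,10 +386,26 @@`, `@@ -362,9 +425,28 @@` and `@@ -373,9 +455,26 @@` hunks as well, while the `@@ -156,6 +186,14 @@` hunk of makevms.com now builds the shareable images through `@mkshared`. Four copies of dead code that already diverge (one opens with `$!` where the others use `$!!`, one links `'TCPIP_LIB'`, the rest do not) will only drift further; either delete them or keep one live copy behind a `GOSUB` with the variant parts in symbols.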
@@ -362,9 +425,28 @@ $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - 'OBJ_DIR'SSL_TASK.OBJ, - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'TCPIP_LIB','OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! +$! +$! Create the CRYPTO Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='CRYPTO_EXE_DIR'LIBCRYPTO.EXE - +$!!! /MAP='LIS_DIR'LIBCRYPTO.MAP /FULL/CROSS - +$!!! 'CRYPTO_LIB'/LIBRARY, - +$!!! 'CRYPTO_EXE_DIR'LIBCRYPTO.OPT/OPTION +$! +$! +$! Create the SSL Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='EXE_DIR'LIBSSL.EXE - +$!!! /MAP='LIS_DIR'LIBSSL.MAP /FULL/CROSS - +$!!! 'RSAREF_LIB'/LIBRARY, - +$!!! 'TCPIP_LIB', - +$!!! 'EXE_DIR'LIBSSL.OPT/OPTION +$! !!!!!!!! 'TCPIP_LIB','OPT_SHARE_FILE'/OPTION +$! $! $! Else... $! @@ -373,9 +455,26 @@ $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - 'OBJ_DIR'SSL_TASK.OBJ,- - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'SSL_LIB'/LIBRARY, - + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! +$! +$! Create the CRYPTO Shareable Image +$! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='CRYPTO_EXE_DIR'LIBCRYPTO.EXE - +$!!! /MAP='LIS_DIR'LIBCRYPTO.MAP /FULL/CROSS - +$!!! 'CRYPTO_LIB'/LIBRARY, - +$!!! 'CRYPTO_EXE_DIR'LIBCRYPTO.OPT/OPTION +$! +$! +$! Create the SSL Shareable Image +$!! LINK/'DEBUGGER'/'TRACEBACK'/SHARE='EXE_DIR'LIBSSL.EXE - +$!!! /MAP='LIS_DIR'LIBSSL.MAP /FULL/CROSS - +$!!! 'EXE_DIR'LIBSSL.OPT/OPTION +$! !!!!!!!! 'TCPIP_LIB','OPT_SHARE_FILE'/OPTION $! $! End The TCP/IP Library Check. $! 
@@ -929,7 +1028,7 @@ $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - + "/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -962,7 +1061,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! @@ -973,6 +1072,7 @@ $! $! Define The Linker Options File Name. $! $ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_SHARE_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS_SHARE.OPT" $! $! End VAXC Check $! @@ -994,12 +1094,13 @@ $! $! Use GNU C... $! $ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC -$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! $ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_SHARE_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS_SHARE.OPT" $! $! End The GNU C Check. $! @@ -1087,7 +1188,7 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" +$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -1097,7 +1198,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" $! $! Done with SOCKETSHR $! 
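Review bot: `OPT_SHARE_FILE` is defined for the VAXC (`@@ -973,6 +1072,7 @@`) and GNUC (`@@ -994,12 +1094,13 @@`) branches but, as far as this diff shows, not for the DECC branch in the `@@ -929,7 +1028,7 @@` hunk, even though DECC is what submit_build.com in this commit submits with. The symbol is only referenced from the commented-out shareable-image links today, so nothing fails yet; once those are enabled the DECC build would hit an undefined symbol. Adding the matching definition next to DECC's `OPT_FILE` — `$ OPT_SHARE_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS_SHARE.OPT"` (name constructed to follow the other two) — or dropping the two additions until they are used keeps the three branches parallel.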
@@ -1123,19 +1224,45 @@ $ THEN
 $!
 $! Set the library to use UCX.
 $!
-$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
 $ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $ THEN
-$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
 $ ELSE
 $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
- TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
 $ ENDIF
 $!
 $! Done with UCX
 $!
 $ ENDIF
 $!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P5.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P5.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with NONE
+$!
+$ ENDIF
+$!
 $! Print info
 $!
 $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
@@ -1151,6 +1278,7 @@ $ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:"
 $ WRITE SYS$OUTPUT ""
 $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
 $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
 $ WRITE SYS$OUTPUT ""
 $!
 $! Time To EXIT.
diff --git a/submit_build.com b/submit_build.com
new file mode 100644
index 000000000..9773db08a
--- /dev/null
+++ b/submit_build.com
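Review bot: The usage text in the `@@ -1151,6 +1278,7 @@` hunk gains a `TCPIP` line but no `NONE` line, although the `@@ -1087,7 +1188,7 @@` hunk makes `NONE` an accepted P5 value and the corresponding hunk in makevms.com lists both. Adding `$ WRITE SYS$OUTPUT " NONE : To not link with a specific TCP/IP library."` after the TCPIP line keeps the help in step with what the check accepts.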
@@ -0,0 +1,224 @@ +$! +$! +$! +$ set noon +$ set proc/priv=all +$! +$ arch_name = f$edit(f$getsyi("arch_name"),"UPCASE") +$! +$! +$! +$ inquire new_build "Is this a new build? [Yes]" +$ if new_build .eqs. "" then new_build = "Yes" +$! +$ if new_build +$ then +$! +$! Get the Build Ident number. +$! +$ cms set library crypto$src:[ossl] +$ cms reserve build_ident.dat "" +$ open/read build_version build_ident.dat +$ open/write new_build_version build_ident.dat +$ read build_version build_ident +$ build_ident = f$fao("!4ZL",build_ident+1) +$ write new_build_version build_ident +$ close build_version +$ close new_build_version +$ cms replace build_ident.dat "" +$! +$! Determine the platform to be built on. +$! +$ask_platform: +$ inquire build_platform "What platform are we building? (ALPHA or VAX) [''arch_name'] +$ if build_platform .eqs. "" then build_platform = "ALPHA" +$ if build_platform .nes. "ALPHA" .and. build_platform .nes. "VAX" +$ then +$ write sys$output " " +$ write sys$output " Build platform must be either ALPHA or VAX." +$ write sys$output " " +$ goto ask_platform +$ endif +$! +$ask_cc_flags: +$ inquire cc_qual "What CC qualifiers should be used?" +$ write build_info "$ CC_QUAL == ""''cc_qual'"" " +$! +$! Determine the number of bits - 32 or 64. +$! +$ open/write build_info crypto$res:[ossl]vms_build_info.com +$! +$ write build_info "$!" +$ write build_info "$! Do not edit this file. It is created by SUBMIT_BUILD.COM." +$ write build_info "$! Any changes should be made there." +$ write build_info "$!" +$ write build_info "$ DEFINE/JOB OPENSSL_NO_IDEA TRUE" +$ write build_info "$ DEFINE/JOB OPENSSL_NO_RC5 TRUE" +$ write build_info "$!" +$ write build_info "$!" +$ write build_info "$ BUILD_IDENT == ""''build_ident'"" " +$ write build_info "$ BUILD_PLATFORM == ""''build_platform'"" " +$! +$ if build_platform .eqs. "VAX" +$ then +$ build_bits = 32 +$ write build_info "$!" +$ write build_info "$! " +$ write build_info "$! 
Since DECC for VAX does not support" +$ write build_info "$! /POINTER_SIZE, we won't use it, and" +$ write build_info "$! just let it default to 32 bits on" +$ write build_info "$! it's own." +$ write build_info "$! " +$ write build_info "$! USER_CCFLAGS == ""/pointer_size=32"" " +$ write build_info "$ USER_CCFLAGS == """" " +$ write build_info "$ BUILD_BITS == ""32"" " +$! +$ else +$ask_bits: +$ inquire build_bits "How many bits are we building? (32 or 64) [64]" +$ if build_bits .eqs. "" then build_bits = 64 +$ if build_bits .nes. "32" .and. build_bits .nes. "64" +$ then +$ write sys$output " " +$ write sys$output " Build bits must be either 32 or 64." +$ write sys$output " " +$ goto ask_bits +$ endif +$ if build_bits .eqs. "64" +$ then +$ write build_info "$ USER_CCFLAGS == ""/pointer_size=64""''cc_qual' " +$ write build_info "$ BUILD_BITS == ""64"" " +$ else +$ write build_info "$ USER_CCFLAGS == ""/pointer_size=32""''cc_qual' " +$ write build_info "$ BUILD_BITS == ""32"" " +$ endif +$ endif +$! +$ask_cms_class: +$ inquire class "What CMS class should be built? [Current]" +$ if class .eqs. "" then cms_class = "/GEN" +$ cms_class == "/GEN=" + "''class'" +$ write build_info "$ CMS_CLASS == ""''CMS_CLASS'"" " +$! +$! +$! Setup platform specific DECC compiler. +$! +$ write build_info "$!" +$ write build_info "$ SET COMMAND CRYPTO$SRC:[OSSL_TOOLS.''build_platform'_DECC_V62]DECC$CLD" +$ write build_info "$!" +$ write build_info "$ DEFINE DECC$COMPILER CRYPTO$SRC:[OSSL_TOOLS.''build_platform'_DECC_V62]DECC$COMPILER.EXE" +$ write build_info "$ DEFINE DECC$COMPILER_MSG CRYPTO$SRC:[OSSL_TOOLS.''build_platform'_DECC_V62]DECC$COMPILER_MSG.EXE" +$ write build_info "$ DEFINE DECC$TEXT_LIBRARY CRYPTO$SRC:[OSSL_TOOLS.''build_platform'_DECC_V62]DECC$RTLDEF.TLB" +$ write build_info "$ DEFINE DECC$TEXT_LIBRARY_REF CRYPTO$SRC:[OSSL_TOOLS.''build_platform'_DECC_V62]" +$ write build_info "$!" +$! +$! Determine if this is a debug build. +$! +$ inquire debug_build "Debug build? 
[Yes]" +$ if debug_build .eqs. "" then debug_build = "Yes" +$ build_dir = "BUILD_" + "''build_ident'" + "_''build_platform'" + "_''build_bits'" +$ if debug_build .eqs. "Yes" +$ then +$ build_dir = build_dir + "_DEBUG" +$ debug_switch = "/DEBUG" +$ debug_parameter = "DEBUG" +$ else +$ debug_build = "No" +$ debug_switch = "/NODEBUG" +$ debug_parameter = "NODEBUG" +$ endif +$! +$ write sys$output " " +$ write sys$output " New build directory will be ", build_dir +$ write sys$output " " +$! +$! Close the info file. +$! +$ write build_info "$ BUILD_DEBUG == ""''debug_build'"" " +$ write build_info "$ DEBUG_SWITCH == ""''debug_switch'"" " +$ write build_info "$ DEBUG_PARAM == ""''debug_parameter'"" " +$ close build_info +$! +$! Create the new directory structure. +$! +$ create/dir crypto$res:[ossl.'build_dir] +$ set default crypto$res:[ossl.'build_dir] +$ rename/log crypto$res:[ossl]vms_build_info.com crypto$res:[ossl.'build_dir] +$ cms fetch create_dir_struct.com "" +$ cms fetch fetch_from_cms.com "" +$ @create_dir_struct crypto$res:[ossl.'build_dir] +$! +$! Populate the new directory structure. +$! +$ @fetch_from_cms crypto$res:[ossl.'build_dir] crypto$src:[ossl] 'cms_class +$! +$ else +$ inquire build_dir "What build do you want to rebuild? (ie. - BUILD_0001_DEBUG)" +$ old_tree = "CRYPTO$RES:[OSSL.''build_dir']MAKEVMS.COM;" +$ dirnam = f$parse(old_tree) - ".;" +$ if "''dirnam'" .eqs. "" +$ then +$ write sys$output " " +$ write sys$output " ''build_dir' can not be parsed." +$ write sys$output " " +$ write sys$output " No build done. Exiting" +$ write sys$output " " +$ exit +$ endif +$! +$ if f$locate("ALPHA","''build_dir'") .lt. f$length("''build_dir'") +$ then +$ build_platform = "ALPHA" +$ if f$locate("64","''build_dir'") .lt. f$length("''build_dir'") +$ then +$ build_bits = 64 +$ else +$ build_bits = 32 +$ endif +$ else +$ build_platform = "VAX" +$ build_bits = 32 +$ endif +$! +$! +$ if f$locate("DEBUG","''build_dir'") .lt. 
f$length("''build_dir'") +$ then +$ debug_build = "Yes" +$ debug_switch = "/DEBUG" +$ debug_parameter = "DEBUG" +$ else +$ debug_build = "No" +$ debug_switch = "/NODEBUG" +$ debug_parameter = "NODEBUG" +$ endif +$ endif +$! +$! +$! +$ write sys$output " " +$ write sys$output " All components will now be built. If you only want to build some" +$ write sys$output " components, it is necessary to first build everything as a base." +$ write sys$output " See MAKEVMS.COM for more details." +$ write sys$output " " +$! +$! +$! +$ if "''build_platform'" .eqs. "ALPHA" +$ then +$ submit /log = crypto$res:[ossl.'build_dir'] - + /noprint - + /notify - + /parameters=(all,norsaref,'debug_parameter',decc,none,nothread) - + /queue = ALPHA$BUILD - + crypto$res:[ossl.'build_dir']makevms.com +$ else +$! /queue = NATIVE_VAX$BLD - +$ submit /log = crypto$res:[ossl.'build_dir'] - + /noprint - + /notify - + /parameters=(all,norsaref,nodebug,decc,none,nothread) - + /queue = VAX$BUILD - + crypto$res:[ossl.'build_dir']makevms.com +$ endif +$! +$exit diff --git a/test/install.com b/test/install.com new file mode 100644 index 000000000..23560abc6 --- /dev/null +++ b/test/install.com 
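Review bot: `$ write build_info "$ CC_QUAL == ""''cc_qual'"" "` under `ask_cc_flags:` executes before `$ open/write build_info crypto$res:[ossl]vms_build_info.com`, so it writes to a channel that is not open yet; because the procedure begins with `set noon`, the error is ignored and `CC_QUAL` never reaches vms_build_info.com. Moving that write below the `open/write` fixes it (the value is also folded into `USER_CCFLAGS` further down, so the line may be redundant altogether). Two smaller points in the same section: `ask_cms_class:` assigns the default `cms_class = "/GEN"` and then unconditionally overwrites it with `cms_class == "/GEN=" + "''class'"`, which yields `/GEN=` when the answer is empty, and the platform prompt advertises `[''arch_name']` as the default while the code falls back to `"ALPHA"` regardless of `arch_name`. As in makevms.com, `set proc/priv=all` at the top grants every privilege to a procedure that only prompts, writes a file and submits a job.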
@@ -0,0 +1,81 @@ +$! INSTALL.COM -- Installs the files in a given directory tree +$! +$! Author: Richard Levitte +$! Time of creation: 22-MAY-1998 10:13 +$! +$! P1 root of the directory tree +$! +$ IF P1 .EQS. "" +$ THEN +$ WRITE SYS$OUTPUT "First argument missing." +$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." +$ EXIT +$ ENDIF +$ +$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ +$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC +$ DEFINE/NOLOG WRK_SSLTEST WRK_SSLROOT:[TEST] +$ +$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLROOT:[000000] +$ IF F$PARSE("WRK_SSLTEST:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLTEST: +$ +$ COM_FILES := SSL$IVP, - + TCRL,TESTCA,TESTENC,TESTGEN,TESTS,TESTSS, - + TESTSSL,TESTS_SHARE,TPKCS7,TPKCS7D, - + TREQ,TRSA,TSID,TVERIFY,TX509 +$ +$ I = 0 +$ LOOP_COM: +$ CF = F$EDIT(F$ELEMENT(I, ",",COM_FILES ),"TRIM") +$ I = I + 1 +$ IF CF .EQS. "," THEN GOTO LOOP_COM_END +$ SET NOON +$ IF F$SEARCH(CF+".COM") .NES. "" +$ THEN +$ COPY 'CF'.COM WRK_SSLTEST:'CF'.COM/log +$ SET FILE/PROT=W:RE WRK_SSLTEST:'CF'.COM +$ ENDIF +$ SET ON +$ GOTO LOOP_COM +$ LOOP_COM_END: +$! +$ VEXE_DIR := [-.VAX.EXE.TEST] +$ AEXE_DIR := [-.AXP.EXE.TEST] +$! +$ EXE_FILES := BFTEST,BNTEST,CASTTEST,DESTEST, - + DHTEST,DSATEST,EXPTEST,HMACTEST, - + IDEATEST,MD2TEST,MD4TEST,MD5TEST, - + MDC2TEST,RANDTEST,RC2TEST,RC4TEST, - + RC5TEST,RMDTEST,RSA_TEST,SHA1TEST, - + SHATEST,SSLTEST +$! +$! +$ I = 0 +$ LOOP_EXE: +$ E = F$EDIT(F$ELEMENT(I, ",", EXE_FILES),"TRIM") +$ I = I + 1 +$ IF E .EQS. "," THEN GOTO LOOP_EXE_END +$ SET NOON +$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" +$ THEN +$ COPY 'VEXE_DIR''E'.EXE WRK_SSLTEST:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLTEST:'E'.EXE +$ ENDIF +$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. 
"" +$ THEN +$ COPY 'AEXE_DIR''E'.EXE WRK_SSLTEST:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLTEST:'E'.EXE +$ ENDIF +$ SET ON +$ GOTO LOOP_EXE +$ LOOP_EXE_END: +$! +$! +$ EXIT diff --git a/test/maketests.com b/test/maketests.com index e0be3dd43..9c03f49cc 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -44,6 +44,7 @@ $! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX +$! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) @@ -75,6 +76,10 @@ $! End The Architecture Check. $! $ ENDIF $! +$! Define some VMS specific symbols. +$! +$ @[-]vms_build_info +$! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS @@ -89,15 +94,15 @@ $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'build_bits'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB +$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'build_bits'.OLB $! $! Define The SSL We Are To Use. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'build_bits'.OLB $! $! Define The OBJ Directory. $! @@ -116,6 +121,23 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! +$! Define The LIS Directory. +$! +$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.TEST] +$! +$! Check To See If The Architecture Specific LIS Directory Exists. +$! +$ IF (F$PARSE(LIS_DIR).EQS."") +$ THEN +$! +$! The LIS Directory Dosen't Exist, So Create It. +$! +$ CREATE/DIRECTORY 'LIS_DIR' +$! +$! End The Architecture Specific LIS Directory Check. +$! +$ ENDIF +$! $! Define The EXE Directory. $! $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] 
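Review bot: In the `LOOP_EXE` loop both the `VEXE_DIR` and the `AEXE_DIR` image of each test are copied to the same target `WRK_SSLTEST:'E'.EXE`, so on a tree where both architectures have been built the second copy lands as a newer file version on top of the first and the installed test set depends on copy order rather than on the machine it will run on. Picking the source directory once from the running architecture, in the way the tests.com hunk does with `f$getsyi("cpu")`, or installing into per-architecture subdirectories, would make the result deterministic. The `SET NOON`/`SET ON` pairs mean a failed `COPY` or `SET FILE/PROT` is silently skipped, which is presumably intended for absent files but also hides a protection change that did not happen; a one-line comment saying so, e.g. `$! SET NOON: missing images are skipped, copy/protect errors are not reported`, would document that trade-off.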
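Review bot: `$ @[-]vms_build_info` is run unconditionally and the `build_bits` symbol it is expected to define is substituted into the library names in the following hunk (`LIBCRYPTO'build_bits'.OLB` and friends), so if the procedure is absent or does not set the symbol the failure surfaces later as a missing library at link time, far from the cause. A guard such as `$ IF F$SEARCH("[-]VMS_BUILD_INFO.COM") .EQS. "" THEN WRITE SYS$OUTPUT "VMS_BUILD_INFO.COM not found"` followed by an `EXIT`, and a `$ IF F$TYPE(build_bits) .EQS. "" THEN ...` check after the call, would fail early with a clear message. The header comment above the hunk should also mention that this file is a generated prerequisite, since nothing in maketests.com creates it.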
@@ -177,10 +199,18 @@ $! Create The Source File Name. $! $ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" $! +$! Create The Listing File Name. +$! +$ LIST_FILE = LIS_DIR + FILE_NAME + ".LIS" +$! $! Create The Object File Name. $! $ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" $! +$! Create The MAP File Name. +$! +$ MAP_FILE = LIS_DIR + FILE_NAME + ".MAP" +$! $! Create The Executable File Name. $! $ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE" @@ -209,7 +239,7 @@ $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' $ ON WARNING THEN GOTO NEXT_FILE $! $! Check If What We Are About To Compile Works Without A TCP/IP Library. @@ -239,9 +269,11 @@ $! $! Link With The RSAREF Library And A Specific TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - + /MAP = 'MAP_FILE' /FULL/CROSS - 'OBJECT_FILE',- 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'TCPIP_LIB','OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! @@ -250,9 +282,11 @@ $! $! Link With The RSAREF Library And NO TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - + /MAP = 'MAP_FILE' /FULL/CROSS - 'OBJECT_FILE', - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'OPT_FILE'/OPTION, + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! End The TCP/IP Library Check. $! @@ -273,9 +307,11 @@ $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - + /MAP = 'MAP_FILE' /FULL/CROSS - 'OBJECT_FILE', - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION + 'TCPIP_LIB','OPT_FILE'/OPTION, - + SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! Else... $! 
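Review bot: The four LINK commands (this hunk and the `@@ -250`, `@@ -273` and `@@ -284` hunks) each gain identical `/MAP = 'MAP_FILE' /FULL/CROSS` and `SYS$DISK:[-]SSL_IDENT.OPT/OPTION` text, but the `@@ -284` hunk appends the options file on the same line as `'OPT_FILE'/OPTION,` while the other three put it on its own continuation line. Defining the shared piece once, e.g. `$ IDENT_OPT := SYS$DISK:[-]SSL_IDENT.OPT/OPTION`, and referencing `'IDENT_OPT'` in each LINK would keep the four variants in step. Note also that `/LIST='LIST_FILE'/MACHINE_CODE` (in the `@@ -209` hunk) and the `/MAP` output are now produced for every build, including `/NODEBUG` ones, since neither consults `DEBUGGER`; if listings and maps are only wanted for debug builds, gate them on that symbol.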
@@ -284,9 +320,10 @@ $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - + /MAP = 'MAP_FILE' /FULL/CROSS - 'OBJECT_FILE', - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION + 'OPT_FILE'/OPTION, SYS$DISK:[-]SSL_IDENT.OPT/OPTION $! $! End The TCP/IP Library Check. $! @@ -763,7 +800,7 @@ $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - + "/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -796,7 +833,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $ CCDEFS = CCDEFS + ",""VAXC""" $! @@ -827,7 +864,7 @@ $ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." $! $! Use GNU C... $! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - +$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + - "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. @@ -910,7 +947,7 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -920,7 +957,7 @@ $ THEN $! $! Set the library to use SOCKETSHR $! -$ TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT" +$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" $! $! Done with SOCKETSHR $! 
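Review bot: The accepted `P4` keywords now include `NONE` (the `@@ -946` hunk on the next line defines it by clearing `TCPIP_LIB`), but the keyword list in the header comment (`@@ -44` hunk) only gained `TCPIP for TCPIP (post UCX)`; add `$! NONE for no TCP/IP library` next to it so the documented interface matches the check. With `TCPIP_LIB` empty, the LINK lines that reference `'TCPIP_LIB','OPT_FILE'/OPTION` would expand to a leading comma unless the "NO TCP/IP Library" branch is taken for that case; the selection between the two branches is outside these hunks, so that is worth confirming.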
@@ -946,19 +983,45 @@ $ THEN
 $!
 $! Set the library to use UCX.
 $!
-$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
 $ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $ THEN
-$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
 $ ELSE
 $ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
- TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
 $ ENDIF
 $!
 $! Done with UCX
 $!
 $ ENDIF
 $!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P4.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P4.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with NONE
+$!
+$ ENDIF
+$!
 $! Print info
 $!
 $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
diff --git a/test/ssl$ivp.com b/test/ssl$ivp.com
new file mode 100644
index 000000000..c0015305a
--- /dev/null
+++ b/test/ssl$ivp.com
@@ -0,0 +1,163 @@ +$! +$! SSL$IVP.COM -- Performs some tests to show that OpenSSL +$! was installed properly, and it working +$! correctly. +$! +$! Note: This command procedure is based heavily on TESTS.COM. +$! Any changes to this file should be considered for +$! TESTS.COM as well. +$! +$! P1 tests to be performed. Empty means all. +$ +$ __proc = f$element(0,";",f$environment("procedure")) +$ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" +$ __save_default = f$environment("default") +$ __arch := VAX +$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$! +$ show time +$! +$ arch_name = f$edit(f$getsyi("arch_name"),"UPCASE") +$! +$ texe_dir := ssl$root:[test] +$ exe_dir := ssl$root:['arch_name'_EXE] +$! +$! set default '__here' +$ on control_y then goto exit +$! +$! Try to run through as many tests as possible +$! rather than exit out on the first error. +$! +$! on error then goto exit +$ +$ if p1 .nes. "" +$ then +$ tests = p1 +$ else +$ tests := - + test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- + test_md2,test_mdc2,- + test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,- + test_rand,test_dh !,test_bn,test_dsa +$ endif ! if p1 +$! +$ tests = f$edit(tests,"COLLAPSE") +$! +$! BNTEST := bntest +$ EXPTEST := exptest +$ IDEATEST := ideatest +$ SHATEST := shatest +$ SHA1TEST := sha1test +$ MDC2TEST := mdc2test +$ RMDTEST := rmdtest +$ MD2TEST := md2test +$ MD4TEST := md4test +$ MD5TEST := md5test +$ HMACTEST := hmactest +$ RC2TEST := rc2test +$ RC4TEST := rc4test +$ RC5TEST := rc5test +$ BFTEST := bftest +$ CASTTEST := casttest +$ DESTEST := destest +$ RANDTEST := randtest +$ DHTEST := dhtest +$! DSATEST := dsatest +$ METHTEST := methtest +$ SSLTEST := ssltest +$ RSATEST := rsa_test +$ +$ tests_i = 0 +$ loop_tests: +$ tests_e = f$element(tests_i,",",tests) +$ tests_i = tests_i + 1 +$ if tests_e .eqs. "," then goto exit +$ write sys$output " " +$ write sys$output " Executing ''tests_e' ... 
" +$ write sys$output " " +$ gosub 'tests_e' +$ goto loop_tests +$ +$ test_des: +$ mcr 'texe_dir''destest' +$ return +$ test_idea: +$ mcr 'texe_dir''ideatest' +$ return +$ test_sha: +$ mcr 'texe_dir''shatest' +$ mcr 'texe_dir''sha1test' +$ return +$ test_mdc2: +$ mcr 'texe_dir''mdc2test' +$ return +$ test_md5: +$ mcr 'texe_dir''md5test' +$ return +$ test_md4: +$ mcr 'texe_dir''md4test' +$ return +$ test_hmac: +$ mcr 'texe_dir''hmactest' +$ return +$ test_md2: +$ mcr 'texe_dir''md2test' +$ return +$ test_rmd: +$ mcr 'texe_dir''rmdtest' +$ return +$ test_bf: +$ mcr 'texe_dir''bftest' +$ return +$ test_cast: +$ mcr 'texe_dir''casttest' +$ return +$ test_rc2: +$ mcr 'texe_dir''rc2test' +$ return +$ test_rc4: +$ mcr 'texe_dir''rc4test' +$ return +$ test_rc5: +$ mcr 'texe_dir''rc5test' +$ return +$ test_rand: +$ mcr 'texe_dir''randtest' +$ return +$ test_bn: +$ write sys$output "starting big number library test, could take a while..." +$ create bntest-vms.fdl +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ create/fdl=bntest-vms.fdl bntest-vms.sh +$ open/append foo bntest-vms.sh +$ type/output=foo: sys$input: +<< __FOO__ bc | perl -e 'while () {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} print STDERR "."; $i++;} print STDERR "\n$i tests passed\n"' +$ define/user sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ copy bntest-vms.tmp foo: +$ delete bntest-vms.tmp;* +$ type/output=foo: sys$input: +__FOO__ +$ close foo +$ write sys$output "-- copy the [.test]bntest-vms.sh file to a Unix system and run it" +$ write sys$output "-- through sh or bash to verify that the bignum operations went well." +$ write sys$output "" +$ write sys$output "test a^b%c implementations" +$ mcr 'texe_dir''exptest' +$ return +$ test_dh: +$ write sys$output "Generate a set of DH parameters" +$ mcr 'texe_dir''dhtest' +$ return +$ test_dsa: +$ write sys$output "Generate a set of DSA parameters" +$ mcr 'texe_dir''dsatest' +$ return +$! 
+$ exit:
+$! set default '__save_default'
+$ show time
+$ exit
diff --git a/test/tests.com b/test/tests.com
index 07a3c7f16..d6972367f 100644
--- a/test/tests.com
+++ b/test/tests.com
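Review bot: Commenting out `$ on error then goto exit` does not, as far as I can tell, achieve the "run through as many tests as possible" intent stated above it: DCL's default action for an error-severity status is to leave the procedure, so the first failing `mcr` still ends the run, only now without passing through the `exit:` label. To continue past failures the loop would need `$ set noon` before the `gosub` and should record `$status` after each test so the procedure can print a pass/fail summary and exit with a failure status when any test failed; an IVP that always returns success tells the installer nothing. The same change is made in the tests.com hunk (`@@ -7,27 +7,53 @@`). Separately, the perl one-liner in `test_bn` reads `while () {` as rendered here; if that is the file content and not a rendering artefact, the loop never reads bc's output and the verification script silently checks nothing.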
@@ -7,27 +7,53 @@ $ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
 $ __save_default = f$environment("default")
 $ __arch := VAX
 $ if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$!
+$ show time
+$!
+$ arch_name = f$edit(f$getsyi("arch_name"),"UPCASE")
+$!
+$ if p2 .eqs. "" then p2 := REGRESSION
+$ if p2 .eqs. "REGRESSION"
+$ then
 $ texe_dir := sys$disk:[-.'__arch'.exe.test]
 $ exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$ else
+$ texe_dir := ssl$root:[test]
+$ exe_dir := ssl$root:['arch_name'_EXE]
+$ endif
+$!
 $
 $ set default '__here'
 $ on control_y then goto exit
-$ on error then goto exit
+$!
+$! Try to run through as many tests as possible
+$! rather than exit out on the first error.
+$!
+$! on error then goto exit
 $
 $ if p1 .nes. ""
 $ then
 $ tests = p1
 $ else
+$ if p2 .eqs. "REGRESSION"
+$ then
+$ tests := -
+ test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+ test_md2,test_mdc2,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
+ test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,-
+ test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
+ test_ss,test_ca,test_ssl
+$ else
 $ tests := -
- test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
- test_md2,test_mdc2,-
- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,-
- test_rand,test_bn,test_ec,test_enc,test_x509,test_rsa,test_crl,test_sid,-
- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
- test_ss,test_ca,test_engine,test_ssl,test_evp
-$ endif
+ test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+ test_md2,test_mdc2,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
+ test_rand,test_bn,test_enc,test_dh,test_dsa
+$ endif ! if p2
+$ endif ! if p1
 $ tests = f$edit(tests,"COLLAPSE")
-$
+$!
 $ BNTEST := bntest
 $ ECTEST := ectest
 $ EXPTEST := exptest
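Review bot: The new REGRESSION default list drops `test_rd`, `test_ec`, `test_engine` and `test_evp`, which the removed list contained, while the `ECTEST := ectest` symbol below is kept, so the default run silently loses coverage of those components. If the omission is deliberate, say so where the list is built, e.g. `$! test_ec/test_engine/test_evp/test_rd omitted: <reason>`, otherwise restore them. The hunk also introduces `p2` (REGRESSION versus the `ssl$root:` install tree) but the header comment above it, as far as is visible, documents only `p1`; a line such as `$! P2 REGRESSION (default) runs from the build tree, anything else from SSL$ROOT` belongs there.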
@@ -60,6 +86,9 @@ $ loop_tests:
 $ tests_e = f$element(tests_i,",",tests)
 $ tests_i = tests_i + 1
 $ if tests_e .eqs. "," then goto exit
+$ write sys$output " "
+$ write sys$output " Executing ''tests_e' ... "
+$ write sys$output " "
 $ gosub 'tests_e'
 $ goto loop_tests
 $
@@ -243,4 +272,5 @@ $
 $
 $ exit:
 $ set default '__save_default'
+$ show time
 $ exit